CNNVD-202510-3397 Information

CNNVD ID

CNNVD-202510-3397

Related CVE

CVE-2025-34503

• CNNVD Published: 2025-10-24

Description (Chinese)

Light & Wonder Deck Mate是英国Light & Wonder公司的一款自动发牌设备。 Light & Wonder Deck Mate存在安全漏洞，该漏洞源于直接从外部EEPROM执行固件而未验证真实性或完整性，可能导致物理访问的攻击者替换或重新刷新EEPROM以运行持久性任意代码。

Description (English)

Light & Wonder Deck Mate is an automated distribution device by Light & Wonder, United Kingdom. Light & Wonder Deck Mate has a security loophole, which stems from the fact that the authenticity or integrity is not verified directly from the outside EEEPROM, and may lead to physical access to the assailants replacing or refreshing EEEPROM to run persistent arbitrary codes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Light & Wonder

Published

2025-10-24

Last Modified

2026-02-24

References

https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf https://www.vulncheck.com/advisories/shuffle-master-deck-mate-1-unauthenticated-eeprom-firmware-execution https://access.redhat.com/security/cve/cve-2025-34503