Security restrictions bypass in Mirion Technologies products - CVE-2017-9649
Published: July 31, 2017
Vulnerability identifier: #VU7602
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-9649
CWE-ID: CWE-321
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Mirion Technologies
Affected software:
MESH Repeater
Telepole II
External Transmitters
RDS Based Boundary Monitors
DRM Based Boundary Monitors
Solar PWR
DRM-1/2б
RSD31-AM
RDS-31 iTX
iPam Transmitter f/DMC 2000
DMC 3000 Transmitter Module
MESH Repeater
Telepole II
External Transmitters
RDS Based Boundary Monitors
DRM Based Boundary Monitors
Solar PWR
DRM-1/2б
RSD31-AM
RDS-31 iTX
iPam Transmitter f/DMC 2000
DMC 3000 Transmitter Module
Detailed vulnerability description
The vulnerability allows an adjacent attacker to bypass security restrictions on the target system.
The weakness exists due to use of f hard-coded cryptographic key. An adjacent attacker can include an unchangeable, factory-set key in the 900 MHz transmitter firmware and gain access to the system.
The weakness exists due to use of f hard-coded cryptographic key. An adjacent attacker can include an unchangeable, factory-set key in the 900 MHz transmitter firmware and gain access to the system.
How to mitigate CVE-2017-9649
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.