EUVD-2025-35895

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

PT-2025-43687

Name of the Vulnerable Software and Affected Versions Deck Mate 2 affected versions not specified Description The firmware update mechanism for Deck Mate 2 does not verify cryptographic signatures on update packages. Updates are encrypted using a single, hard-coded AES key shared across all devic...

CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service heap corruption via a crafted application packet within a TLS or DTLS session...

DEBIAN-CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service heap corruption via a crafted application packet within a TLS or DTLS session...

CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service heap corruption via a crafted application packet within a TLS or DTLS session...