Vulnerability Details : CVE-2016-2333
SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
Products affected by CVE-2016-2333
- cpe:2.3:o:systech:syslink_sl-1000_modular_gateway_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2333
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2333
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-2333
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2333
-
http://www.kb.cert.org/vuls/id/822980
VU#822980 - SysLINK M2M Modular Gateway contains multiple vulnerabilitiesThird Party Advisory;US Government Resource
Jump to