VDB
CVE-2017-3217
CVE-2017-3217
PUBLISHED
CVSS 9.300000190734863 CRITICAL
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.
EPSS 0.48% · 65.3th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
0.48%
65.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| calamp | lmu_3030_obd-ii_firmware | |
| CalAmp | LMU 3030 OBD-II | CDMA, GSM |
| calamp | lmu_3030_gsm_firmware | |
| calamp | lmu_3030_cdma_firmware |
Timeline
- Jun 8, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- 98964 vdb
- VU#251927 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-3217 advisory