VDB

CVE-2017-3217

CVE-2017-3217 PUBLISHED CVSS 9.300000190734863 CRITICAL

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.

EPSS 0.48% · 65.3th percentile

Risk Scores

CVSS 2.0
9.300000190734863
EPSS Score
0.48%
65.3th percentile

Affected Products

VendorProductVersions
calamplmu_3030_obd-ii_firmware
CalAmpLMU 3030 OBD-IICDMA, GSM
calamplmu_3030_gsm_firmware
calamplmu_3030_cdma_firmware

Timeline

  • Jun 8, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›