QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-3217

Back to search

CVE-2017-3217

Published: Jul 24, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.

VendorProductVersions

CalAmp

LMU 3030 OBD-II

affected
CDMA
affected
GSM

Weaknesses (CWE)

CWE-306

References

98964
vdb-entry
x_refsource_BID
VU#251927
third-party-advisory
x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now