Description

Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local access such as connecting to the USB or Ethernet ports beneath the table - the built-in credentials permit administrative login and full control of the system. Once authenticated, an attacker can access firmware utilities, modify controller software, and establish persistent compromise. Remote attack paths via network, cellular, or telemetry links may exist in specific configurations but generally require additional capabilities or operator error. The vendor reports that USB access has been disabled in current firmware builds.

INFO

Published Date :

2025-11-03T21:56:54.734Z

Last Modified :

2025-11-05T14:56:30.044Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34501 vulnerability.

Vendors Products
Shuffle Master
  • Deck Mate 2
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34501.

URL Resource
https://www.ioactive.com/wp-content/uploads/2025/05/IOActive-card-shuffler-security.pdf cve-icon cve-icon
https://www.vulncheck.com/advisories/shuffle-master-deck-mate-2-hard-coded-credentials-and-exposed-services cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability