VYPR

Deck Mate 2

by IOActive

CVEs (2)

  • CVE-2025-34501HigNov 3, 2025
    risk 0.46cvss epss 0.00

    Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled by default. If an attacker can reach these interfaces - most often through local or near-local…

  • CVE-2025-34502HigOct 24, 2025
    risk 0.46cvss epss 0.00

    Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code…