PT-2018-4941 · Trackr+1 · Bravo Mobile Application+1

Adam Compton

Publicado

2018-07-06

Atualizado

2019-10-09

CVE-2016-6540

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Correção

Missing Authentication

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-200

Identificadores relacionados

CVE-2016-6540

Produtos afetados

Bravo Mobile Application

Trackr Bravo Firmware

PT-2018-4941 · Trackr+1 · Bravo Mobile Application+1

CVE-2016-6540

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6