Nastycrow

**Name of the Vulnerable Software and Affected Versions** Meitrack T366G-L GPS Tracker devices (affected versions not specified) **Description** The SPI flash chip (Winbond 25Q64JVSIQ) in Meitrack T366G-L GPS Tracker devices is accessible without authentication or tamper protection. An attacker with physical access can extract the firmware using a standard SPI programmer, such as flashrom. This allows exposure of sensitive configuration data, including APN credentials, backend server information, and network parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.