PT-2018-4939 · Trackr+1 · Bravo Mobile Application+1

Adam Compton

Published

2018-07-06

Updated

2019-10-09

CVE-2016-6538

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:P/I:N/A:N

The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-313CWE-255

Related Identifiers

CVE-2016-6538

Affected Products

Bravo Mobile Application

Trackr Bravo Firmware

PT-2018-4939 · Trackr+1 · Bravo Mobile Application+1

CVE-2016-6538

Weakness Enumeration

Related Identifiers

Affected Products

References · 6