PT-2018-4941 · Trackr+1 · Bravo Mobile Application+1

Adam Compton

Published

2018-07-06

Updated

2019-10-09

CVE-2016-6540

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Fix

Missing Authentication

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-200

Related Identifiers

CVE-2016-6540

Affected Products

Bravo Mobile Application

Trackr Bravo Firmware

PT-2018-4941 · Trackr+1 · Bravo Mobile Application+1

CVE-2016-6540

Weakness Enumeration

Related Identifiers

Affected Products

References · 6