PT-2018-4942 · Trackr+1 · Bravo Mobile Application+1

Adam Compton

Published

2018-07-06

Updated

2019-10-09

CVE-2016-6541

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

CVE-2016-6541

Affected Products

Bravo Mobile Application

Trackr Bravo Firmware

PT-2018-4942 · Trackr+1 · Bravo Mobile Application+1

CVE-2016-6541

Weakness Enumeration

Related Identifiers

Affected Products

References · 6