PT-2019-13888 · Telenav · Telenav Scout Gps Link

Published

2019-08-12

Updated

2020-08-24

CVE-2019-14951

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Telenav Scout GPS Link app version 1.x

Description The issue concerns an incorrect protection mechanism against brute-force attacks on the authentication process. This makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network. The attack can be demonstrated by a DrivingRestriction method call to "uma/jsonrpc/mobile".

Recommendations For Telenav Scout GPS Link app version 1.x, consider restricting access to port 7050 on the cellular network as a temporary workaround until a patch is available. Avoid using the DrivingRestriction method call to "uma/jsonrpc/mobile" in the affected app until the issue is resolved.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2019-14951

Affected Products

Telenav Scout Gps Link

PT-2019-13888 · Telenav · Telenav Scout Gps Link

CVE-2019-14951

Weakness Enumeration

Related Identifiers

Affected Products

References · 3