CVE-2025-5484

Name of the Vulnerable Software and Affected Versions SinoTrack devices (affected versions not specified)

Description The issue concerns a default password that is well-known and common to all SinoTrack devices, which can be used to authenticate to the central device management interface. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites. This flaw allows an attacker to gain access to the device's administrative panel, potentially taking full control of the vehicle, including turning off the engine, disabling the brakes, unlocking doors, and manipulating any function the device controls within the vehicle. The estimated number of potentially affected devices worldwide is in the millions, with these devices being especially popular in Latin American countries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.