CVE-2016-6543

A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
References
Link Resource
http://www.securityfocus.com/bid/93875 Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ Mitigation Third Party Advisory
https://www.kb.cert.org/vuls/id/974055 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:ieasytec:itrack_easy:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-13 20:29

Updated : 2024-02-04 20:03


NVD link : CVE-2016-6543

Mitre link : CVE-2016-6543

CVE.ORG link : CVE-2016-6543


JSON object : View

Products Affected

ieasytec

  • itrack_easy
CWE
CWE-284

Improper Access Control

CWE-799

Improper Control of Interaction Frequency