Описание
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.7 (включая)
Одновременно
cpe:2.3:a:xelex:mobiletrack:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02336
Низкий
7.6 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
EPSS
Процентиль: 84%
0.02336
Низкий
7.6 High
CVSS2
Дефекты
CWE-20