CVE-2016-6539

Опубликовано: 06 июл. 2018

Источник: nvd

CVSS3: 3.5

CVSS2: 3.3

EPSS Низкий

Описание

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Ссылки

http://www.securityfocus.com/bid/93874
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Exploit
Technical Description
Third Party Advisory
https://www.kb.cert.org/vuls/id/617567
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93874
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Exploit
Technical Description
Third Party Advisory
https://www.kb.cert.org/vuls/id/617567
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:android:*:*

Версия до 2.2.5 (исключая)

cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:iphone_os:*:*

Версия до 5.1.6 (исключая)

cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00163

Низкий

3.5 Low

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-3hvh-frvh-wpp7