CVE-2016-6540

Опубликовано: 06 июл. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Ссылки

http://www.securityfocus.com/bid/93874
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Third Party Advisory
https://www.kb.cert.org/vuls/id/617567
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/93874
Third Party Advisory
VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Third Party Advisory
https://www.kb.cert.org/vuls/id/617567
Third Party Advisory
US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:android:*:*

Версия до 2.2.5 (исключая)

cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:iphone_os:*:*

Версия до 5.1.6 (исключая)

cpe:2.3:h:thetrackr:trackr_bravo:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00365

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-306

CWE-200

Связанные уязвимости

GHSA-9g2r-5prp-3622