Описание
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party Advisory
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- MitigationThird Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ieasytec:itrack_easy:-:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01206
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
CWE-287
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
EPSS
Процентиль: 79%
0.01206
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
CWE-287