CVE-2017-5237

Опубликовано: 27 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Ссылки

http://www.securityfocus.com/bid/97186
https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/97186
https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:eviewgps:ev-07s_gps_tracker_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:eviewgps:ev-07s_gps_tracker:-:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02497

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-m878-3vfv-wgvc