exploitDog

CVE-2025-51643

Опубликовано: 28 авг. 2025

Источник: nvd

CVSS3: 2.4

EPSS Низкий

Описание

Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter

Ссылки

https://github.com/NastyCrow/CVE-2025-51643
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:meitrack:t366l-g_firmware:t366l_y24h131v039:*:*:*:*:*:*:*

cpe:2.3:h:meitrack:t366l-g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 4%

0.00018

Низкий

2.4 Low

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-5mh7-cqvw-mcp7

CVSS3: 2.4

github

5 месяцев назад

Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter

EPSS

Процентиль: 4%

0.00018

Низкий

2.4 Low

CVSS3

Дефекты

CWE-200