CVE-2016-6542

Published: Jul 13, 2018Modified: Nov 21, 2024

3.7

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.2 / Impact: 1.4

Source: NVD

Description

The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.

Affected (1)

Products: Ieasytec: Itrackeasy

Ieasytec

1 product

Itrackeasy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ieasytec Itrackeasy	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/93875

Source: cret@cert.org

Third Party AdvisoryVDB Entry

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Source: cret@cert.org

Mitigation

https://www.kb.cert.org/vuls/id/974055

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/93875

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

Mitigation

https://www.kb.cert.org/vuls/id/974055

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.