Search criteria
9 vulnerabilities found for EV-07S GPS Tracker by Eview
VAR-201703-0657
Vulnerability from variot - Updated: 2025-04-20 23:31Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!". Eview EV-07S GPS There is an authentication vulnerability in the tracker firmware.Service operation interruption (DoS) An attack may be carried out. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Attackers can use SMS commands to exploit this vulnerability to restore factory settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0657",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ev-07s gps tracker",
"scope": "eq",
"trust": 1.6,
"vendor": "eviewgps",
"version": null
},
{
"model": "ev-07s gps tracker",
"scope": null,
"trust": 0.8,
"vendor": "eview",
"version": null
},
{
"model": "industrial limited ev-07s",
"scope": "eq",
"trust": 0.3,
"vendor": "eview",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:eviewgps:ev-07s_gps_tracker_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland of Rapid7, Inc.",
"sources": [
{
"db": "BID",
"id": "97186"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5237",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-113440",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5237",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5237",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5237",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-430",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113440",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113440"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\". Eview EV-07S GPS There is an authentication vulnerability in the tracker firmware.Service operation interruption (DoS) An attack may be carried out. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Attackers can use SMS commands to exploit this vulnerability to restore factory settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5237"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "BID",
"id": "97186"
},
{
"db": "VULHUB",
"id": "VHN-113440"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5237",
"trust": 2.8
},
{
"db": "BID",
"id": "97186",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-113440",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113440"
},
{
"db": "BID",
"id": "97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"id": "VAR-201703-0657",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113440"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:31:03.084000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EV07S Personal/Asset Tracking System",
"trust": 0.8,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113440"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97186"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5237"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5237"
},
{
"trust": 0.3,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113440"
},
{
"db": "BID",
"id": "97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113440"
},
{
"db": "BID",
"id": "97186"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-113440"
},
{
"date": "2017-03-27T00:00:00",
"db": "BID",
"id": "97186"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"date": "2017-03-27T21:59:00.143000",
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-113440"
},
{
"date": "2017-04-04T00:01:00",
"db": "BID",
"id": "97186"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002727"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-430"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eview EV-07S GPS Authentication vulnerability in tracker firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002727"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-430"
}
],
"trust": 0.6
}
}
VAR-201703-0659
Vulnerability from variot - Updated: 2025-04-20 23:13Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. Eview EV-07S GPS The tracker firmware contains a vulnerability related to cryptographic strength.Information may be obtained. A buffer-overflow vulnerability 2. An information-disclosure vulnerability Successful exploits can allow attackers to obtain sensitive information or to execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0659",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ev-07s gps tracker",
"scope": "eq",
"trust": 1.6,
"vendor": "eviewgps",
"version": null
},
{
"model": "ev-07s gps tracker",
"scope": null,
"trust": 0.8,
"vendor": "eview",
"version": null
},
{
"model": "industrial limited ev-07s",
"scope": "eq",
"trust": 0.3,
"vendor": "eview",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:eviewgps:ev-07s_gps_tracker_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland of Rapid7, Inc.",
"sources": [
{
"db": "BID",
"id": "97194"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5239",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5239",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113442",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5239",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5239",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5239",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-428",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113442",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113442"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener. Eview EV-07S GPS The tracker firmware contains a vulnerability related to cryptographic strength.Information may be obtained. A buffer-overflow vulnerability\n2. An information-disclosure vulnerability\nSuccessful exploits can allow attackers to obtain sensitive information or to execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5239"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "VULHUB",
"id": "VHN-113442"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5239",
"trust": 2.8
},
{
"db": "BID",
"id": "97194",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-113442",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113442"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"id": "VAR-201703-0659",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113442"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:13:16.249000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EV07S Personal/Asset Tracking System",
"trust": 0.8,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113442"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97194"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5239"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5239"
},
{
"trust": 0.3,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113442"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113442"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-113442"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97194"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"date": "2017-03-27T21:59:00.237000",
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-113442"
},
{
"date": "2017-04-04T00:01:00",
"db": "BID",
"id": "97194"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002726"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-428"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5239"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eview EV-07S GPS Vulnerability related to encryption strength in tracker firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002726"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-428"
}
],
"trust": 0.6
}
}
VAR-201703-0658
Vulnerability from variot - Updated: 2025-04-20 23:13Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. Eview EV-07S GPS There is a buffer error vulnerability in the tracker firmware.Information may be tampered with. A buffer-overflow vulnerability 2. An information-disclosure vulnerability Successful exploits can allow attackers to obtain sensitive information or to execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0658",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ev-07s gps tracker",
"scope": "eq",
"trust": 1.6,
"vendor": "eviewgps",
"version": null
},
{
"model": "ev-07s gps tracker",
"scope": null,
"trust": 0.8,
"vendor": "eview",
"version": null
},
{
"model": "industrial limited ev-07s",
"scope": "eq",
"trust": 0.3,
"vendor": "eview",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:eviewgps:ev-07s_gps_tracker_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland of Rapid7, Inc.",
"sources": [
{
"db": "BID",
"id": "97194"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5238",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-113441",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5238",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5238",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-5238",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113441",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113441"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field. Eview EV-07S GPS There is a buffer error vulnerability in the tracker firmware.Information may be tampered with. A buffer-overflow vulnerability\n2. An information-disclosure vulnerability\nSuccessful exploits can allow attackers to obtain sensitive information or to execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5238"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "VULHUB",
"id": "VHN-113441"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5238",
"trust": 2.8
},
{
"db": "BID",
"id": "97194",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-113441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113441"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"id": "VAR-201703-0658",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113441"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:13:16.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EV07S Personal/Asset Tracking System",
"trust": 0.8,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113441"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97194"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5238"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5238"
},
{
"trust": 0.3,
"url": "http://www.eviewltd.com/#/products/ev07s.jsp"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113441"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113441"
},
{
"db": "BID",
"id": "97194"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-113441"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97194"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"date": "2017-03-27T21:59:00.207000",
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-113441"
},
{
"date": "2017-04-04T00:01:00",
"db": "BID",
"id": "97194"
},
{
"date": "2017-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002725"
},
{
"date": "2017-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-429"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5238"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eview EV-07S GPS Buffer error vulnerability in tracker firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002725"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-429"
}
],
"trust": 0.6
}
}
CVE-2017-5239 (GCVE-0-2017-5239)
Vulnerability from nvd – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
Severity ?
No CVSS data available.
CWE
- Sensitive information transmitted in cleartext
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive information transmitted in cleartext",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive information transmitted in cleartext"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5239",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5238 (GCVE-0-2017-5238)
Vulnerability from nvd – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
Severity ?
No CVSS data available.
CWE
- Lack of input bounds checking
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of input bounds checking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of input bounds checking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5238",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5237 (GCVE-0-2017-5237)
Vulnerability from nvd – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
Severity ?
No CVSS data available.
CWE
- Unauthenticated remote factory reset
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated remote factory reset",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated remote factory reset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5237",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5239 (GCVE-0-2017-5239)
Vulnerability from cvelistv5 – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
Severity ?
No CVSS data available.
CWE
- Sensitive information transmitted in cleartext
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Sensitive information transmitted in cleartext",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive information transmitted in cleartext"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5239",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5237 (GCVE-0-2017-5237)
Vulnerability from cvelistv5 – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
Severity ?
No CVSS data available.
CWE
- Unauthenticated remote factory reset
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated remote factory reset",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated remote factory reset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5237",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5238 (GCVE-0-2017-5238)
Vulnerability from cvelistv5 – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.
Severity ?
No CVSS data available.
CWE
- Lack of input bounds checking
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eview | EV-07S GPS Tracker |
Affected:
All
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EV-07S GPS Tracker",
"vendor": "Eview",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of input bounds checking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-30T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97194"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EV-07S GPS Tracker",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Eview"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of input bounds checking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
},
{
"name": "97194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97194"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5238",
"datePublished": "2017-03-27T21:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}