Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for itrack_easy by ieasytec

    CVE-2016-6544 (GCVE-0-2016-6544)

    Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    iTrack Easy's getgps data can be modified without authentication
    Summary
    getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/974055 third-party-advisoryx_refsource_CERT-VN
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    http://www.securityfocus.com/bid/93875 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    iTrack Easy Unknown: N/A
    Create a notification for this product.
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:28.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#974055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/974055"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "93875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Easy",
              "vendor": "iTrack",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-14T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#974055",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/974055"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "93875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93875"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iTrack Easy\u0027s getgps data can be modified without authentication",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6544",
              "STATE": "PUBLIC",
              "TITLE": "iTrack Easy\u0027s getgps data can be modified without authentication"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Easy",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "iTrack"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#974055",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/974055"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "93875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93875"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6544",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:28.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6543 (GCVE-0-2016-6543)

    Vulnerability from nvd – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data
    Summary
    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/974055 third-party-advisoryx_refsource_CERT-VN
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    http://www.securityfocus.com/bid/93875 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    iTrack Easy Unknown: N/A
    Create a notification for this product.
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#974055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/974055"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "93875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Easy",
              "vendor": "iTrack",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-14T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#974055",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/974055"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "93875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93875"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6543",
              "STATE": "PUBLIC",
              "TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Easy",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "iTrack"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-799: Improper Control of Interaction Frequency"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#974055",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/974055"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "93875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93875"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6543",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6544 (GCVE-0-2016-6544)

    Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    iTrack Easy's getgps data can be modified without authentication
    Summary
    getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/974055 third-party-advisoryx_refsource_CERT-VN
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    http://www.securityfocus.com/bid/93875 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    iTrack Easy Unknown: N/A
    Create a notification for this product.
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:28.285Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#974055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/974055"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "93875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Easy",
              "vendor": "iTrack",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-14T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#974055",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/974055"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "93875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93875"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iTrack Easy\u0027s getgps data can be modified without authentication",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6544",
              "STATE": "PUBLIC",
              "TITLE": "iTrack Easy\u0027s getgps data can be modified without authentication"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Easy",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "iTrack"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-306: Missing Authentication for Critical Function"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#974055",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/974055"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "93875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93875"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6544",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:28.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6543 (GCVE-0-2016-6543)

    Vulnerability from cvelistv5 – Published: 2018-07-13 20:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data
    Summary
    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
    Severity
    No CVSS data available.
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    Assigner
    References
    URL Tags
    https://www.kb.cert.org/vuls/id/974055 third-party-advisoryx_refsource_CERT-VN
    https://blog.rapid7.com/2016/10/25/multiple-bluet… x_refsource_MISC
    http://www.securityfocus.com/bid/93875 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    iTrack Easy Unknown: N/A
    Create a notification for this product.
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.383Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#974055",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/974055"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "93875",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93875"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Easy",
              "vendor": "iTrack",
              "versions": [
                {
                  "status": "unknown",
                  "version": "N/A"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799: Improper Control of Interaction Frequency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-14T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#974055",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/974055"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "93875",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93875"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6543",
              "STATE": "PUBLIC",
              "TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Easy",
                          "version": {
                            "version_data": [
                              {
                                "affected": "?",
                                "version_affected": "?",
                                "version_value": "N/A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "iTrack"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-799: Improper Control of Interaction Frequency"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#974055",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/974055"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "93875",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93875"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6543",
        "datePublished": "2018-07-13T20:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }