Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for trackr_firmware by thetrackr

    CVE-2020-13425 (GCVE-0-2020-13425)

    Vulnerability from nvd – Published: 2020-05-23 19:07 – Updated: 2024-08-04 12:18
    VLAI
    Summary
    TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:18:18.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-23T19:07:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/",
                  "refsource": "MISC",
                  "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13425",
        "datePublished": "2020-05-23T19:07:31.000Z",
        "dateReserved": "2020-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:18:18.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6539 (GCVE-0-2016-6539)

    Vulnerability from nvd – Published: 2018-07-06 21:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID
    Summary
    The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93874"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#617567",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/617567"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "iOS"
              ],
              "product": "Bravo Mobile Application",
              "vendor": "TrackR",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.6"
                }
              ]
            },
            {
              "platforms": [
                "Android"
              ],
              "product": "Bravo Mobile Application",
              "vendor": "TrackR",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.2.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-07T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93874",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93874"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#617567",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/617567"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6539",
              "STATE": "PUBLIC",
              "TITLE": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bravo Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "!",
                                "platform": "iOS",
                                "version_affected": "!",
                                "version_value": "5.1.6"
                              },
                              {
                                "affected": "!",
                                "platform": "Android",
                                "version_affected": "!",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TrackR"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93874",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93874"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#617567",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/617567"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6539",
        "datePublished": "2018-07-06T21:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13425 (GCVE-0-2020-13425)

    Vulnerability from cvelistv5 – Published: 2020-05-23 19:07 – Updated: 2024-08-04 12:18
    VLAI
    Summary
    TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:18:18.379Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-23T19:07:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-13425",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/",
                  "refsource": "MISC",
                  "url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-13425",
        "datePublished": "2020-05-23T19:07:31.000Z",
        "dateReserved": "2020-05-23T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:18:18.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6539 (GCVE-0-2016-6539)

    Vulnerability from cvelistv5 – Published: 2018-07-06 21:00 – Updated: 2024-08-06 01:36
    VLAI
    Title
    TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID
    Summary
    The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Date Public
    2016-10-25 00:00
    Credits
    Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:36:27.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "93874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93874"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
              },
              {
                "name": "VU#617567",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/617567"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "iOS"
              ],
              "product": "Bravo Mobile Application",
              "vendor": "TrackR",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.6"
                }
              ]
            },
            {
              "platforms": [
                "Android"
              ],
              "product": "Bravo Mobile Application",
              "vendor": "TrackR",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "2.2.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
            }
          ],
          "datePublic": "2016-10-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-07T09:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "93874",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/93874"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
            },
            {
              "name": "VU#617567",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/617567"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2016-6539",
              "STATE": "PUBLIC",
              "TITLE": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bravo Mobile Application",
                          "version": {
                            "version_data": [
                              {
                                "affected": "!",
                                "platform": "iOS",
                                "version_affected": "!",
                                "version_value": "5.1.6"
                              },
                              {
                                "affected": "!",
                                "platform": "Android",
                                "version_affected": "!",
                                "version_value": "2.2.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TrackR"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "93874",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/93874"
                },
                {
                  "name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ",
                  "refsource": "MISC",
                  "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"
                },
                {
                  "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
                  "refsource": "MISC",
                  "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
                },
                {
                  "name": "VU#617567",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/617567"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2016-6539",
        "datePublished": "2018-07-06T21:00:00.000Z",
        "dateReserved": "2016-08-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:36:27.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }