Vulnerability-Lookup

CVE-2017-5237 (GCVE-0-2017-5237)

Vulnerability from cvelistv5 – Published: 2017-03-27 21:00 – Updated: 2024-08-05 14:55

Summary

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Severity ?

No CVSS data available.

CWE

Unauthenticated remote factory reset

Assigner

rapid7

References

URL

	Vendor	Product	Version
	Eview	EV-07S GPS Tracker	Affected: All

CNVD-2017-04738

Vulnerability from cnvd - Published: 2017-04-20

Title

Eview EV-07S GPS Tracker安全绕过漏洞

Description

Eview EV-07S GPS Tracker是一套用于人身安全和个人防护的GPS追踪设备。 Eview EV-07S GPS Tracker中的phone number中存在安全漏洞，该漏洞源于程序缺少身份验证。攻击者可借助SMS命令利用该漏洞恢复出厂配置。

Severity

高

Patch Name

Eview EV-07S GPS Tracker安全绕过漏洞的补丁

Patch Description

Eview EV-07S GPS Tracker是一套用于人身安全和个人防护的GPS追踪设备。 Eview EV-07S GPS Tracker中的phone number中存在安全漏洞，该漏洞源于程序缺少身份验证。攻击者可借助SMS命令利用该漏洞恢复出厂配置。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities

Reference

https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities

Impacted products

Name
Eview EV-07S GPS 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97186"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5237"
    }
  },
  "description": "Eview EV-07S GPS Tracker\u662f\u4e00\u5957\u7528\u4e8e\u4eba\u8eab\u5b89\u5168\u548c\u4e2a\u4eba\u9632\u62a4\u7684GPS\u8ffd\u8e2a\u8bbe\u5907\u3002\r\n\r\nEview EV-07S GPS Tracker\u4e2d\u7684phone number\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9SMS\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u6062\u590d\u51fa\u5382\u914d\u7f6e\u3002",
  "discovererName": "Deral Heiland of Rapid7, Inc.",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04738",
  "openTime": "2017-04-20",
  "patchDescription": "Eview EV-07S GPS Tracker\u662f\u4e00\u5957\u7528\u4e8e\u4eba\u8eab\u5b89\u5168\u548c\u4e2a\u4eba\u9632\u62a4\u7684GPS\u8ffd\u8e2a\u8bbe\u5907\u3002\r\n\r\nEview EV-07S GPS Tracker\u4e2d\u7684phone number\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u7f3a\u5c11\u8eab\u4efd\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9SMS\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u6062\u590d\u51fa\u5382\u914d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Eview EV-07S GPS Tracker\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Eview EV-07S GPS 0"
  },
  "referenceLink": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-31",
  "title": "Eview EV-07S GPS Tracker\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2017-5237

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Aliases

CVE-2017-5237

Aliases

CVE-2017-5237

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5237",
    "description": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\"",
    "id": "GSD-2017-5237"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5237"
      ],
      "details": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\"",
      "id": "GSD-2017-5237",
      "modified": "2023-12-13T01:21:13.807483Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@rapid7.com",
        "ID": "CVE-2017-5237",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EV-07S GPS Tracker",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Eview"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Unauthenticated remote factory reset"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
          },
          {
            "name": "97186",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/97186"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:eviewgps:ev-07s_gps_tracker_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:eviewgps:ev-07s_gps_tracker:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5237"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
            },
            {
              "name": "97186",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/97186"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-03-31T01:59Z",
      "publishedDate": "2017-03-27T21:59Z"
    }
  }
}

FKIE_CVE-2017-5237

Vulnerability from fkie_nvd - Published: 2017-03-27 21:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

References

URL	Tags
cve@rapid7.com	http://www.securityfocus.com/bid/97186
cve@rapid7.com	https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/97186
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	eviewgps	ev-07s_gps_tracker_firmware	-
	eviewgps	ev-07s_gps_tracker	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:eviewgps:ev-07s_gps_tracker_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D1D3D8-BE34-48FA-90DF-42F018935B8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:eviewgps:ev-07s_gps_tracker:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C745D1E-0AFF-4778-9D4E-C77A6C91AC43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\""
    },
    {
      "lang": "es",
      "value": "Debido a la falta de autenticaci\u00f3n, un usuario no autenticado que conoce el n\u00famero de tel\u00e9fono del Eview EV-07S GPS Tracker puede revertir el dispositivo a una configuraci\u00f3n predeterminada de f\u00e1brica con un comando SMS, \"RESET!\""
    }
  ],
  "id": "CVE-2017-5237",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-27T21:59:00.143",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "http://www.securityfocus.com/bid/97186"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/97186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M878-3VFV-WGVC

Vulnerability from github – Published: 2022-05-17 02:52 – Updated: 2022-05-17 02:52

Details

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-27T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\"",
  "id": "GHSA-m878-3vfv-wgvc",
  "modified": "2022-05-17T02:52:28Z",
  "published": "2022-05-17T02:52:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5237"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/97186"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201703-0657

Vulnerability from variot - Updated: 2025-04-20 23:31

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!". Eview EV-07S GPS There is an authentication vulnerability in the tracker firmware.Service operation interruption (DoS) An attack may be carried out. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Attackers can use SMS commands to exploit this vulnerability to restore factory settings

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0657",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ev-07s gps tracker",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "eviewgps",
        "version": null
      },
      {
        "model": "ev-07s gps tracker",
        "scope": null,
        "trust": 0.8,
        "vendor": "eview",
        "version": null
      },
      {
        "model": "industrial limited ev-07s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eview",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "97186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:eviewgps:ev-07s_gps_tracker_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Deral Heiland of Rapid7, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "97186"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-5237",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-5237",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-113440",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-5237",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-5237",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-5237",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-430",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113440",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker\u0027s phone number can revert the device to a factory default configuration with an SMS command, \"RESET!\". Eview EV-07S GPS There is an authentication vulnerability in the tracker firmware.Service operation interruption (DoS) An attack may be carried out. \nAn attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Attackers can use SMS commands to exploit this vulnerability to restore factory settings",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "BID",
        "id": "97186"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5237",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "97186",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-113440",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "db": "BID",
        "id": "97186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "id": "VAR-201703-0657",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:31:03.084000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "EV07S Personal/Asset Tracking System",
        "trust": 0.8,
        "url": "http://www.eviewltd.com/#/products/ev07s.jsp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/97186"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5237"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5237"
      },
      {
        "trust": 0.3,
        "url": "http://www.eviewltd.com/#/products/ev07s.jsp"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "db": "BID",
        "id": "97186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "db": "BID",
        "id": "97186"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "date": "2017-03-27T00:00:00",
        "db": "BID",
        "id": "97186"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "date": "2017-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "date": "2017-03-27T21:59:00.143000",
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113440"
      },
      {
        "date": "2017-04-04T00:01:00",
        "db": "BID",
        "id": "97186"
      },
      {
        "date": "2017-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-5237"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Eview EV-07S GPS Authentication vulnerability in tracker firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002727"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-430"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5237 (GCVE-0-2017-5237)

CNVD-2017-04738

GSD-2017-5237

FKIE_CVE-2017-5237

GHSA-M878-3VFV-WGVC

VAR-201703-0657

Tags

Sightings

Nomenclature