VAR-201807-0064
Vulnerability from variot - Updated: 2025-01-30 21:16The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Trackr The device contains an information disclosure vulnerability.Information may be obtained. TrackR Bravo is prone to multiple information-disclosure and security-bypass vulnerabilities. An attacker can exploit this issue to gain access to sensitive information or bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trackr",
"scope": "lt",
"trust": 1.0,
"vendor": "thetrackr",
"version": "2.2.5"
},
{
"model": "trackr",
"scope": "lt",
"trust": 1.0,
"vendor": "thetrackr",
"version": "5.1.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trackr",
"version": null
},
{
"model": "trackr",
"scope": null,
"trust": 0.8,
"vendor": "trackr",
"version": null
},
{
"model": "bravo",
"scope": "eq",
"trust": 0.3,
"vendor": "trackr",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:thetrackr:trackr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inc.,Deral Heiland and Adam Compton of Rapid7",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
},
"cve": "CVE-2016-6539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2016-6539",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2016-6539",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6539",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2016-6539",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-774",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Trackr The device contains an information disclosure vulnerability.Information may be obtained. TrackR Bravo is prone to multiple information-disclosure and security-bypass vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information or bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6539"
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "BID",
"id": "93874"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#617567",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2016-6539",
"trust": 2.8
},
{
"db": "BID",
"id": "93874",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"id": "VAR-201807-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"industrial device"
],
"sub_category": "tracker",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:16:39.080000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.thetrackr.com/jp/"
},
{
"title": "TrackR Bravo Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99594"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/617567"
},
{
"trust": 2.4,
"url": "https://www.kb.cert.org/vuls/id/tnoy-af3kcz"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93874"
},
{
"trust": 1.6,
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"trust": 1.1,
"url": "https://www.thetrackr.com/bravo"
},
{
"trust": 1.1,
"url": "https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6539"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6539"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CERT/CC",
"id": "VU#617567"
},
{
"date": "2016-10-25T00:00:00",
"db": "BID",
"id": "93874"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"date": "2018-07-06T21:29:00.280000",
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-27T00:00:00",
"db": "CERT/CC",
"id": "VU#617567"
},
{
"date": "2016-10-26T01:17:00",
"db": "BID",
"id": "93874"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"date": "2024-11-21T02:56:18.943000",
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TrackR Bravo contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#617567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…