CVE-2016-6543
MEDIUMiTrack Easy - Unauthenticated GPS Data Exposure via MAC/Device ID Registration
Title source: llmDescription
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/974055
Mitigation, Third Party Advisory x_refsource_misc
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93875
Scores
CVSS v3
5.9
EPSS
0.0216
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-799
CWE-284
Status
published
Products (1)
ieasytec/itrack_easy
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026