CVE-2019-14951

HIGH

Telenav Scout GPS Link 1.0.4-1.0.108 - Brute-Force Attack via Port 7050

Title source: llm

Description

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://sites.google.com/site/iosappnss/more-vulnerable-apps-and-libraries

Scores

CVSS v3 7.5

EPSS 0.0173

EPSS Percentile 74.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-307

Status published

Products (1)

telenav/scout_gps_link 1.0.4 - 1.0.109

Published Aug 12, 2019

Tracked Since Feb 18, 2026