3.5
CVE-2016-6539
- EPSS 1.29%
- Veröffentlicht 06.07.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:56:18
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginTrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Thetrackr ≫ Trackr Firmware SwPlatformandroid Version < 2.2.5
Thetrackr ≫ Trackr Firmware SwPlatformiphone_os Version < 5.1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.29% | 0.664 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 2.1 | 1.4 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 3.3 | 6.5 | 2.9 |
AV:A/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.securityfocus.com/bid/93874
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/617567
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ