CVE-2016-6541

EPSS 0.63%
Veröffentlicht 06.07.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 02:56:19
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thetrackr ≫ Trackr Bravo Firmware SwPlatformandroid Version < 2.2.5

Thetrackr ≫ Trackr Bravo Version-

Thetrackr ≫ Trackr Bravo Firmware SwPlatformiphone_os Version < 5.1.6

Thetrackr ≫ Trackr Bravo Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.698

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

http://www.securityfocus.com/bid/93874

Third Party Advisory

VDB Entry

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Third Party Advisory

https://www.kb.cert.org/vuls/id/617567

Third Party Advisory

US Government Resource

https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-6541