Lucene search
CertccCVE-2012-2562HistoryMay 22, 2012 - 3:55 p.m.
CVE-2012-2562
2012-05-2215:55:02
CWE-287
CWE-20
certcc
web.nvd.nist.gov
23
xelex mobiletrack
android
sms commands
remote attackers
security vulnerability
CVSS2
7.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.011
Percentile
84.8%
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
Affected configurations
Node
xelexmobiletrackRange≤2.3.7
googleandroid
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xelex | mobiletrack | * | cpe:2.3:a:xelex:mobiletrack:*:*:*:*:*:*:*:* |
| android | * | cpe:2.3:o:google:android:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2012-2562
2012-05-22 15:55:02
prion
prion
Command injection
2012-05-22 15:55:00
cvelist
cvelist
CVE-2012-2562
2012-05-22 15:00:00
cert
cert
Xelex Technologies MobileTrack contains multiple vulnerabilities
2012-05-21 00:00:00
CVSS2
7.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
7.3
Confidence
Low
EPSS
0.011
Percentile
84.8%
Related for CVE-2012-2562