Design/Logic Flaw

2019-08-1216:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Lexus vehicles, has an incorrect protection mechanism against brute-force attacks on the authentication process, which makes it easier for attackers to obtain multimedia-screen access via port 7050 on the cellular network, as demonstrated by a DrivingRestriction method call to uma/jsonrpc/mobile.

CPENameOperatorVersion
scout_gps_linkge1.0.4
scout_gps_linkle1.0.109

CPE	Name	Operator	Version
	scout_gps_link	ge	1.0.4
	scout_gps_link	le	1.0.109

References

sites.google.com/site/iosappnss/more-vulnerable-apps-and-libraries