21 matches found
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
CVE-2022-2141
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
CVE-2022-2107
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
Hardcoded credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2022-2107
CVE-2022-2107: MiCODUS MV720 GPS tracker API server uses a hard-coded master password, enabling unauthenticated login and direct SMS-command control of trackers (impersonating owners, accessing/modifying data, and potentially steering vehicles). Device IDs are sequential, aiding targeting. Public...
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2022-2141 ICSA-22-200-01 MiCODUS MV720 GPS tracker Improper Authentication
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
MiCODUS MV720 GPS 信任管理问题漏洞
The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. The MiCODUS MV720 GPS tracker suffers from a trust management issue vulnerability that stems from the API server having an authentication mechanism that allows the device to use a hard-coded master password. This could allow an attacker to...
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
Default credentials
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
CVE-2019-20470
The TK-Star Q90 Junior GPS watch (firmware 3.1042.9.8656) is affected by CVE-2019-20470 and CVE-2019-20471. A default administrative password (123456) is used at initial setup and there is no prompt to change it. An SMS with the proper password, e.g., pw,,call,, can trigger the watch to initiate ...
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
TK-Star Q90 Junior GPS horloge security vulnerability
The TK-Star Q90 Junior GPS horloge is a Gps location tracker from TK-Star China. A security vulnerability exists in the TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices that allows execution of operations based on specific SMS commands...
PT-2021-9034 · Tk Star · Tk-Star Q90 Junior Gps Horloge
Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: An issue was discovered in the TK-Star Q90 Junior GPS horloge, where it performs actions based on certain SMS commands. This can be used to set up a voice communication channel...
X (Formerly Twitter): Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled.
Summary: By knowing the mobile phone number associated with a Twitter account, or by using random mobile phone numbers! It is possible to perform the following actions against a target without their knowledge or interaction. With no account takeover scenario. It's a case of, if I know the mobile...
CBM - Car Backdoor Maker
A hardware-backdoor for CAN bus - by @UnaPibaGeek & @holesec For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a...
Car Backdoor Maker: CBM
Car Backdoor Maker For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users ...
CVE-2012-2562
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a 1 LOCATE, 2 TRACK, 3 UPDATECFG, 4 UPDATEACCT, 5 STAT, 6 TERM, or 7 WIPE command via an SMS message...
CVE-2012-2562
The CVE-2012-2562 entry concerns Xelex MobileTrack for Android (≤ 2.3.7). The issue is lack of verification of SMS command origin, allowing an unauthenticated remote attacker to issue commands (LOCATE, TRACK, UPDATECFG, UPDATEACCT, STAT, TERM, WIPE) via SMS. Consequences cited include possible un...