11 matches found
CVE-2025-5484
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced duri...
CVE-2025-5485 SinoTrack GPS Receiver Weak Authentication
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...
CVE-2025-5485 SinoTrack GPS Receiver Weak Authentication
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...
CVE-2025-5484 SinoTrack GPS Receiver Weak Authentication
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced duri...
CVE-2025-5484
CVE-2025-5484 (SinoTrack GPS Receiver) affects SinoTrack devices with a central device management interface. The root cause is weak authentication: the username is the device identifier printed on the receiver and the default password is well-known and not enforced to be changed during setup. Thi...
CVE-2025-5484 SinoTrack GPS Receiver Weak Authentication
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced duri...
SinoTrack IOT PC Platform 安全漏洞
SinoTrack IOT PC Platform is a location-based system from China-based SinoTrack. A security vulnerability exists in SinoTrack IOT PC Platform that stems from the default password not being forced to be changed, which could lead to a malicious actor obtaining a device identifier...
SinoTrack IOT PC Platform 安全漏洞
SinoTrack IOT PC Platform is a location-based system from SinoTrack, a Chinese company. A security vulnerability exists in SinoTrack IOT PC Platform that stems from a username restriction to a device identifier, which could lead malicious actors to enumerate potential targets...
CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers
The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device...
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without...
PT-2025-25200 · Sinotrack · Sinotrack Devices
Name of the Vulnerable Software and Affected Versions: SinoTrack devices affected versions not specified Description: The issue concerns a default password that is well-known and common to all SinoTrack devices, which can be used to authenticate to the central device management interface. A...