23 matches found
EUVD-2016-7462
Malware in sbrugna...
EUVD-2016-7461
Malware in sbrugna...
EUVD-2016-7459
Malware in sbrugna...
CVE-2016-6540
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6540
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6538
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-654...
Improper access control
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6538
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-654...
Code injection
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...
Code injection
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-654...
CVE-2016-6541
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...
CVE-2016-6541
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...
CVE-2016-6539 TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps,...
CVE-2016-6540 TrackR Bravo is missing authentication for the cloud service and allows querying or sending of GPS data from unauthenticated users
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6538 TrackR Bravo mobile application stores account passwords in cleartext
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-654...
CVE-2016-6540
The CVE-2016-6540 issue concerns TrackR Bravo’s cloud service where an unauthenticated attacker can query or send GPS data for any TrackR device by using a tracker ID. The tracker ID can be discovered via CVE-2016-6539, which describes the device ID construction and proximity-based exposure of th...
CVE-2016-6541 TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...
CVE-2016-6538
The TrackR Bravo app stores the account password for cloud authentication in cleartext in cache.db (affected in all reports). Affected versions are iOS 5.1.6 and Android 2.2.5; vendors released updates to address CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. CVSS data indicate pa...
CVE-2016-6541
The CVE-2016-6541 entry concerns TrackR Bravo. The affected software is the TrackR Bravo mobile app (iOS v5.1.6, Android v2.2.5). The vulnerability arises from unauthenticated pairing, enabling unauthenticated connected applications to write to various device attributes. The connected documents c...
TrackR Bravo Information Disclosure Vulnerability
The TrackR Bravo is a Bluetooth item loss prevention device. TrackR Bravo has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...