16 matches found
EUVD-2019-11015
Malware in sbrugna...
EUVD-2012-2548
Malware in sbrugna...
EUVD-2015-7219
Malware in sbrugna...
EUVD-2017-14342
Malware in sbrugna...
CVE-2021-44480
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2021-44480
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...
Default credentials
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...
CVE-2021-44480
The CVE-2021-44480 entry concerns the Wokka Lokka Q50 smartwatch. Affected device: Wokka Lokka Q50 (through 2021-11-30). Vulnerable component/flow: a vulnerability in the device’s SMS/callback mechanism that lets a remote attacker — who knows the SIM phone number and the default password — listen...
CVE-2021-44480
Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers who know the SIM phone number and password to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords...
CVE-2019-20470
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...
Default configuration
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"...
CVE-2017-5237
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"...
CVE-2015-7288
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
CVE-2015-7288
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...
CVE-2012-2562
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a 1 LOCATE, 2 TRACK, 3 UPDATECFG, 4 UPDATEACCT, 5 STAT, 6 TERM, or 7 WIPE command via an SMS message...