46 matches found
EUVD-2016-7459
Malware in sbrugna...
EUVD-2016-7462
Malware in sbrugna...
EUVD-2020-5679
Malware in sbrugna...
EUVD-2016-1080
Malware in sbrugna...
EUVD-2016-7461
Malware in sbrugna...
EUVD-2016-7460
Malware in sbrugna...
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep aka alarm feature, which will eventually cause a denial of service when battery capacity is exhausted...
Phone Halo TrackR Denial of Service Vulnerability
Phone Halo TrackR is a lost key finding device from Phone Halo USA. A security vulnerability exists in Phone Halo TrackR version 2020-05-06 and earlier. An attacker can exploit the vulnerability to trigger an alert feature that results in a denial of service when the battery is depleted...
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep aka alarm feature, which will eventually cause a denial of service when battery capacity is exhausted...
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep aka alarm feature, which will eventually cause a denial of service when battery capacity is exhausted...
Denial of service
TrackR devices through 2020-05-06 allow attackers to trigger the Beep aka alarm feature, which will eventually cause a denial of service when battery capacity is exhausted...
CVE-2020-13425
TrackR devices through 2020-05-06 allow attackers to trigger the Beep aka alarm feature, which will eventually cause a denial of service when battery capacity is exhausted...
CVE-2020-13425
CVE-2020-13425 affects TrackR/Phone Halo TrackR devices. The vulnerability stems from a flaw in triggering the Beep (alarm) feature, which can exhaust battery capacity and cause denial of service. Descriptions across multiple connected documents consistently reference TrackR devices through 2020-...
Improper access control
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6539
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps,...
CVE-2016-6540
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
CVE-2016-6538
The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-654...
CVE-2016-6540
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been...
Code injection
The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps,...
Code injection
TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...