ID

VAR-201703-0657


CVE

CVE-2017-5237


TITLE

Authentication vulnerability in Eview EV-07S GPS tracker firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-002727

DESCRIPTION

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!". The Eview EV-07S GPS tracker firmware contains an authentication vulnerability. A denial-of-service (DoS) attack may be carried out. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Attackers can use SMS commands to exploit this vulnerability to restore factory settings.

Trust: 1.98

sources: NVD: CVE-2017-5237 // JVNDB: JVNDB-2017-002727 // BID: 97186 // VULHUB: VHN-113440

AFFECTED PRODUCTS

vendor: eviewgps, model: ev-07s gps tracker, scope: eq, version: -

Trust: 1.6

vendor: eview, model: ev-07s gps tracker, scope: -, version: -

Trust: 0.8

vendor: eview, model: industrial limited ev-07s, scope: eq, version: 0

Trust: 0.3

sources: BID: 97186 // JVNDB: JVNDB-2017-002727 // CNNVD: CNNVD-201701-430 // NVD: CVE-2017-5237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5237
value: HIGH

Trust: 1.0

NVD: CVE-2017-5237
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201701-430
value: HIGH

Trust: 0.6

VULHUB: VHN-113440
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5237
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-113440
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5237
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-113440 // JVNDB: JVNDB-2017-002727 // CNNVD: CNNVD-201701-430 // NVD: CVE-2017-5237

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-113440 // JVNDB: JVNDB-2017-002727 // NVD: CVE-2017-5237

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-430

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201701-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002727

PATCH

title: EV07S Personal/Asset Tracking System, url: http://www.eviewltd.com/#/products/ev07s.jsp

Trust: 0.8

sources: JVNDB: JVNDB-2017-002727

EXTERNAL IDS

db: NVD, id: CVE-2017-5237

Trust: 2.8

db: BID, id: 97186

Trust: 1.4

db: JVNDB, id: JVNDB-2017-002727

Trust: 0.8

db: CNNVD, id: CNNVD-201701-430

Trust: 0.7

db: VULHUB, id: VHN-113440

Trust: 0.1

sources: VULHUB: VHN-113440 // BID: 97186 // JVNDB: JVNDB-2017-002727 // CNNVD: CNNVD-201701-430 // NVD: CVE-2017-5237

REFERENCES

url: https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities

Trust: 2.8

url: http://www.securityfocus.com/bid/97186

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5237

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-5237

Trust: 0.8

url: http://www.eviewltd.com/#/products/ev07s.jsp

Trust: 0.3

sources: VULHUB: VHN-113440 // BID: 97186 // JVNDB: JVNDB-2017-002727 // CNNVD: CNNVD-201701-430 // NVD: CVE-2017-5237

CREDITS

Deral Heiland of Rapid7, Inc.

Trust: 0.3

sources: BID: 97186

SOURCES

db: VULHUB, id: VHN-113440
db: BID, id: 97186
db: JVNDB, id: JVNDB-2017-002727
db: CNNVD, id: CNNVD-201701-430
db: NVD, id: CVE-2017-5237

LAST UPDATE DATE

2025-04-20T23:31:03.084000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-113440, date: 2017-03-31T00:00:00
db: BID, id: 97186, date: 2017-04-04T00:01:00
db: JVNDB, id: JVNDB-2017-002727, date: 2017-04-26T00:00:00
db: CNNVD, id: CNNVD-201701-430, date: 2017-03-30T00:00:00
db: NVD, id: CVE-2017-5237, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-113440, date: 2017-03-27T00:00:00
db: BID, id: 97186, date: 2017-03-27T00:00:00
db: JVNDB, id: JVNDB-2017-002727, date: 2017-04-26T00:00:00
db: CNNVD, id: CNNVD-201701-430, date: 2017-01-17T00:00:00
db: NVD, id: CVE-2017-5237, date: 2017-03-27T21:59:00.143