ID

VAR-201807-0041


CVE

CVE-2016-6542


TITLE

iTrack Easy contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#974055

DESCRIPTION

The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in range of an iTrack device. The tracker ID is the device's BLE MAC address. iTrack Easy contains multiple vulnerabilities, including sensitive information exposure and missing authentication. The iTrack device contains an input validation vulnerability. Information may be obtained. iTrack Easy is prone to the following security vulnerabilities:

1. Multiple information-disclosure vulnerabilities
2. Multiple security-bypass vulnerabilities
3. Authentication-bypass vulnerability

An attacker may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, or obtain sensitive information that may aid in launching further attacks.

Trust: 2.61

sources: NVD: CVE-2016-6542 // CERT/CC: VU#974055 // JVNDB: JVNDB-2016-009195 // BID: 93875

IOT TAXONOMY

category: ['industrial device'], sub_category: tracker

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: ieasytec, model: itrackeasy, scope: eq, version: -

Trust: 1.6

vendor: itrack, model: -, scope: -, version: -

Trust: 0.8

vendor: kkm, model: itrack easy, scope: -, version: -

Trust: 0.8

vendor: itrack, model: easy itrack easy, scope: eq, version: 0

Trust: 0.3

sources: CERT/CC: VU#974055 // BID: 93875 // JVNDB: JVNDB-2016-009195 // CNNVD: CNNVD-201610-777 // NVD: CVE-2016-6542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6542
value: LOW

Trust: 1.0

NVD: CVE-2016-6542
value: LOW

Trust: 0.8

CNNVD: CNNVD-201610-777
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2016-6542
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2016-6542
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2016-009195 // CNNVD: CNNVD-201610-777 // NVD: CVE-2016-6542

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-200

Trust: 1.0

sources: JVNDB: JVNDB-2016-009195 // NVD: CVE-2016-6542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-777

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201610-777

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009195

PATCH

title: What is iTrackEasy, url: http://www.ieasytec.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-009195

EXTERNAL IDS

db: CERT/CC, id: VU#974055

Trust: 3.5

db: NVD, id: CVE-2016-6542

Trust: 2.8

db: BID, id: 93875

Trust: 1.9

db: JVN, id: JVNVU99779077

Trust: 0.8

db: JVNDB, id: JVNDB-2016-009195

Trust: 0.8

db: CNNVD, id: CNNVD-201610-777

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#974055 // BID: 93875 // JVNDB: JVNDB-2016-009195 // CNNVD: CNNVD-201610-777 // NVD: CVE-2016-6542

REFERENCES

url:https://www.kb.cert.org/vuls/id/974055

Trust: 2.7

url:http://www.securityfocus.com/bid/93875

Trust: 1.6

url:https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Trust: 1.6

url:http://www.ieasytec.com/

Trust: 1.1

url:https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6542

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99779077/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-6542

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // CERT/CC: VU#974055 // BID: 93875 // JVNDB: JVNDB-2016-009195 // CNNVD: CNNVD-201610-777 // NVD: CVE-2016-6542

CREDITS

Deral Heiland and Adam Compton of Rapid7, Inc.

Trust: 0.6

sources: CNNVD: CNNVD-201610-777

SOURCES

db: OTHER, id: -
db: CERT/CC, id: VU#974055
db: BID, id: 93875
db: JVNDB, id: JVNDB-2016-009195
db: CNNVD, id: CNNVD-201610-777
db: NVD, id: CVE-2016-6542

LAST UPDATE DATE

2025-01-30T19:38:03.397000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#974055, date: 2016-10-25T00:00:00
db: BID, id: 93875, date: 2016-10-26T00:19:00
db: JVNDB, id: JVNDB-2016-009195, date: 2018-10-02T00:00:00
db: CNNVD, id: CNNVD-201610-777, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2016-6542, date: 2024-11-21T02:56:19.303

SOURCES RELEASE DATE

db: CERT/CC, id: VU#974055, date: 2016-10-25T00:00:00
db: BID, id: 93875, date: 2016-10-25T00:00:00
db: JVNDB, id: JVNDB-2016-009195, date: 2018-10-02T00:00:00
db: CNNVD, id: CNNVD-201610-777, date: 2016-10-27T00:00:00
db: NVD, id: CVE-2016-6542, date: 2018-07-13T20:29:00.237