Vulnerability Note VU#974055
iTrack Easy contains multiple vulnerabilities
iTrack Easy contains multiple vulnerabilities including sensitive information exposure and missing authentication.
CWE-200: Information Exposure - CVE-2016-6542
The iTrack device tracking ID number is the device's BLE MAC address. It can be obtained by being in range of the device.
These vulnerabilities may allow an unauthenticated, remote attacker to track a user's location without their consent.
The CERT/CC is currently unaware of a practical solution to this problem.
Use with caution
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|iTrack||Affected||13 Sep 2016||25 Oct 2016|
CVSS Metrics (Learn More)
Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2016-6542 CVE-2016-6543 CVE-2016-6544 CVE-2016-6545 CVE-2016-6546
- Date Public: 25 Oct 2016
- Date First Published: 25 Oct 2016
- Date Last Updated: 25 Oct 2016
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.