CVE-2016-6539 Information

Description

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated app versions 5.1.6 for iOS and 2.2.5 for Android have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

http://www.securityfocus.com/bid/93874
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/617567
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.5

Base Severity

LOW
