CVE-2016-6543 Information

Description

A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data which can allow unauthenticated parties to track the device.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/93875 https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ https://www.kb.cert.org/vuls/id/974055

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9