ByteOS Network

NVD Vulnerability Details :

CVE-2016-6542

Modified

Source-cret@cert.org

Published At-13 Jul, 2018 | 20:29

Updated At-09 Oct, 2019 | 23:19

The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	3.7	LOW	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 3.7

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

ieasytec>>itrackeasy>>-

cpe:2.3:a:ieasytec:itrackeasy:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov
CWE-200	Secondary	cret@cert.org

CWE ID: CWE-20

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: cret@cert.org

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/93875	cret@cert.org	Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/	cret@cert.org	Mitigation
https://www.kb.cert.org/vuls/id/974055	cret@cert.org	Third Party Advisory US Government Resource

Hyperlink: http://www.securityfocus.com/bid/93875

Source: cret@cert.org

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/

Source: cret@cert.org

Resource:

Mitigation

Hyperlink: https://www.kb.cert.org/vuls/id/974055

Source: cret@cert.org

Resource:

Third Party Advisory

US Government Resource

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History