CVE-2016-6542

The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device

EPSS 1.8%CWE-200

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

13 Jul 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.

Affected products

iTrack · Easy

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/https://www.kb.cert.org/vuls/id/974055 http://www.securityfocus.com/bid/93875