Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
References
Link | Resource |
---|---|
https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/97186 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-03-27 14:59
Updated : 2017-03-30 18:59
NVD link : CVE-2017-5237
Mitre link : CVE-2017-5237
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
eviewgps
- ev-07s_gps_tracker_firmware
- ev-07s_gps_tracker