Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.
References
Link | Resource |
---|---|
https://community.rapid7.com/community/infosec/blog/2017/03/27/r7-2015-28-multiple-eview-ev-07s-gps-tracker-vulnerabilities | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/97194 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-03-27 14:59
Updated : 2017-03-30 18:59
NVD link : CVE-2017-5239
Mitre link : CVE-2017-5239
JSON object : View
CWE
CWE-326
Inadequate Encryption Strength
Products Affected
eviewgps
- ev-07s_gps_tracker_firmware
- ev-07s_gps_tracker