Vulnerability Description
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
CVSS Score
7.6 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xelex | Mobiletrack | <= 2.3.7 |
| Google | Android | All versions |
Related Weaknesses (CWE)
References
- http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerab
- http://secunia.com/advisories/49268
- http://www.kb.cert.org/vuls/id/464683 (US Government Resource)
- http://www.securityfocus.com/bid/53634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75782
FAQ
What is CVE-2012-2562?
CVE-2012-2562 is a vulnerability with a CVSS score of 7.6 (HIGH). The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEA...
How severe is CVE-2012-2562?
CVE-2012-2562 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2562?
Check the references section above for vendor advisories and patch information. Affected products include: Xelex Mobiletrack, Google Android.