Vulnerability Description
Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thetrackr | Trackr Bravo Firmware | < 2.2.5 |
| Thetrackr | Trackr Bravo | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93874Third Party AdvisoryVDB Entry
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulThird Party Advisory
- https://www.kb.cert.org/vuls/id/617567Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/TNOY-AF3KCZThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/93874Third Party AdvisoryVDB Entry
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulThird Party Advisory
- https://www.kb.cert.org/vuls/id/617567Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/TNOY-AF3KCZThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-6540?
CVE-2016-6540 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as...
How severe is CVE-2016-6540?
CVE-2016-6540 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6540?
Check the references section above for vendor advisories and patch information. Affected products include: Thetrackr Trackr Bravo Firmware, Thetrackr Trackr Bravo.