Vulnerability Description
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.
CVSS Score
3.7
LOW
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ieasytec | Itrackeasy | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93875Third Party AdvisoryVDB Entry
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulMitigation
- https://www.kb.cert.org/vuls/id/974055Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/93875Third Party AdvisoryVDB Entry
- https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulMitigation
- https://www.kb.cert.org/vuls/id/974055Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-6542?
CVE-2016-6542 is a vulnerability with a CVSS score of 3.7 (LOW). The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.
How severe is CVE-2016-6542?
CVE-2016-6542 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6542?
Check the references section above for vendor advisories and patch information. Affected products include: Ieasytec Itrackeasy.