CVE-2016-6540

Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/93874	Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/	Third Party Advisory
https://www.kb.cert.org/vuls/id/617567	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/93874	Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/	Third Party Advisory
https://www.kb.cert.org/vuls/id/617567	Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:thetrackr:trackr_bravo_firmware::::::android::*
	cpe:2.3:o:thetrackr:trackr_bravo_firmware::::::iphone_os::*

cpe:2.3:h:thetrackr:trackr_bravo:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:56

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/93874 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/93874 - Third Party Advisory, VDB Entry
References	~~() https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ - Third Party Advisory~~	() https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ - Third Party Advisory
References	~~() https://www.kb.cert.org/vuls/id/617567 - Third Party Advisory, US Government Resource~~	() https://www.kb.cert.org/vuls/id/617567 - Third Party Advisory, US Government Resource
References	~~() https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ - Third Party Advisory, US Government Resource~~	() https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ - Third Party Advisory, US Government Resource

Information

Published : 2018-07-06 21:29

Updated : 2024-11-21 02:56

NVD link : CVE-2016-6540

Mitre link : CVE-2016-6540

CVE.ORG link : CVE-2016-6540

JSON object : View

Products Affected

thetrackr

trackr_bravo_firmware
trackr_bravo

CWE

CWE-306

Missing Authentication for Critical Function

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2016-6540", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-07-06T21:29:00.343", "references": [{"url": "http://www.securityfocus.com/bid/93874", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/617567", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/93874", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/617567", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}, {"lang": "es", "value": "Se permite el acceso no autenticado al servicio cloud mantenido por TrackR Bravo para consultar o enviar datos de GPS a cualquier dispositivo Trackr utilizando el n\u00famero ID del rastreador, el cual se puede descubrir tal y como se describe en CVE-2016-6539. El fabricante ha publicado las apps actualizadas (5.1.6 para iOS y 2.2.5 para Android) para solucionar las vulnerabilidades en CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 y CVE-2016-6541."}], "lastModified": "2024-11-21T02:56:19.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "56349B07-D837-41EF-980B-A7AC47519651", "versionEndExcluding": "2.2.5"}, {"criteria": "cpe:2.3:o:thetrackr:trackr_bravo_firmware:*:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "C38B982A-C290-4B65-AE7A-717AB80F4CE2", "versionEndExcluding": "5.1.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:thetrackr:trackr_bravo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4B253B5-5CB1-465C-874C-68EA9AEBA832"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-6540

6.5^/10

3.3^/10

Attach tags to `CVE-2016-6540`