Shenzhen Reachfar v28 information exposure

Posted date 10/10/2023

Importance

4 - High

Affected Resources

Reachfar GPS v28.

Description

INCIBE has coordinated the publication of 1 vulnerability that affects Shenzhen Reachfar GPS v28, a personal GPS tracker, which has been discovered by Joel Serna Moreno.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-5499: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-532.

Solution

The reported vulnerability has been solved in the latest version of the affected product.

Detail

CVE-2023-5499: information exposure vulnerability, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.

References list

Vendor website

Reachfar gps V28 - personal GPS tracker

Etiquetas