Shenzhen Reachfar v28 information exposure

Posted date
10/10/2023
Importance
4 - Alta
Affected Resources

Reachfar GPS v28.

Description

INCIBE has coordinated the publication of 1 vulnerability that affects Shenzhen Reachfar GPS v28, a personal GPS tracker, which has been discovered by Joel Serna Moreno.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-5499: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-532.
Solution

The reported vulnerability has been solved in the latest version of the affected product.

Detail

CVE-2023-5499: information exposure vulnerability, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.

botón arriba