Shenzhen Reachfar v28 information exposure

Posted date
4 - Alta
Affected Resources

Reachfar GPS v28.


INCIBE has coordinated the publication of 1 vulnerability that affects Shenzhen Reachfar GPS v28, a personal GPS tracker, which has been discovered by Joel Serna Moreno.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-5499: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-532.

The reported vulnerability has been solved in the latest version of the affected product.


CVE-2023-5499: information exposure vulnerability, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.

botón arriba