CVE-2016-6542

low-risk
Published 2018-07-13

The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.7/10 Low
NETWORK / HIGH complexity

Affected Products (1)

Itrackeasy

Affected Vendors

Ieasytec

References (6)

Third Party Advisory http://www.securityfocus.com/bid/93875
Mitigation https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vul...
Third Party Advisory https://www.kb.cert.org/vuls/id/974055
Third Party Advisory http://www.securityfocus.com/bid/93875
Mitigation https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vul...
Third Party Advisory https://www.kb.cert.org/vuls/id/974055
19
/ 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal