Lucene search

[email protected]CVE-2012-2562

HistoryMay 22, 2012 - 3:55 p.m.

CVE-2012-2562

2012-05-2215:55:02

CWE-287

CWE-20

[email protected]

web.nvd.nist.gov

xelex mobiletrack

android

sms commands

remote attackers

security vulnerability

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.9%

JSON

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.

Affected configurations

NVD

Node

xelexmobiletrackRange≤2.3.7

AND

googleandroid

CPENameOperatorVersion
xelex:mobiletrackxelex mobiletrackle2.3.7

CPE	Name	Operator	Version
xelex:mobiletrack	xelex mobiletrack	le	2.3.7

References

blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/

secunia.com/advisories/49268

www.kb.cert.org/vuls/id/464683

www.securityfocus.com/bid/53634

exchange.xforce.ibmcloud.com/vulnerabilities/75782

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2012-2562

prion1 cvelist1 nvd1 cert1