Lucene search

[email protected]CVE-2012-2567

HistoryMay 22, 2012 - 3:55 p.m.

CVE-2012-2567

2012-05-2215:55:02

CWE-255

[email protected]

web.nvd.nist.gov

xelex mobiletrack

android

hardcoded credentials

sensitive information

ftp

http

cve-2012-2567

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.

Affected configurations

NVD

Node

xelexmobiletrackRange≤2.3.7

AND

googleandroid

CPENameOperatorVersion
xelex:mobiletrackxelex mobiletrackle2.3.7

CPE	Name	Operator	Version
xelex:mobiletrack	xelex mobiletrack	le	2.3.7

References

blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/

secunia.com/advisories/49268

www.kb.cert.org/vuls/id/464683

www.securityfocus.com/bid/53634

exchange.xforce.ibmcloud.com/vulnerabilities/75783

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2012-2567

prion1 cvelist1 nvd1 cert1