GPS Tracker Security Vulnerabilities
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local...
9.8CVSS
9.3AI Score
0.003EPSS
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external...
6.1CVSS
6.2AI Score
0.0005EPSS
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have.....
7.5CVSS
7.3AI Score
0.001EPSS
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a...
8.8CVSS
8.5AI Score
0.001EPSS
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS...
7.1CVSS
6.3AI Score
0.001EPSS
Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM)...
7.5CVSS
7.3AI Score
0.001EPSS
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command,...
7.5CVSS
7.5AI Score
0.001EPSS
Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another...
5.3CVSS
5.4AI Score
0.001EPSS