Xelex : Security Vulnerabilities, CVEs,
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.
Max CVSS
2.6
EPSS Score
0.52%
Published
2012-05-22
Updated
2017-08-29
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
Max CVSS
7.6
EPSS Score
1.15%
Published
2012-05-22
Updated
2017-08-29
2 vulnerabilities found