Xelex : Security Vulnerabilities, CVEs, (Gain Privilege)
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
Max CVSS
7.6
EPSS Score
1.15%
Published
2012-05-22
Updated
2017-08-29
1 vulnerabilities found