CVE-2020-17483 : An improper access control vulnerability exists in Uffizio's GPS Tracker all ver

An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.

Published 2023-12-16 01:15:07

Updated 2023-12-20 16:39:35

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-17483

Uffizio » Gps Tracker
cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-17483

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-17483

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2020-17483

https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02

Uffizio GPS Tracker | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
https://www.uffizio.com/

GPS Tracking Software | White Label GPS Tracking Software
Product

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-17483

Products affected by CVE-2020-17483

Exploit prediction scoring system (EPSS) score for CVE-2020-17483

CVSS scores for CVE-2020-17483

References for CVE-2020-17483