Eviewgps Ev-07s Gps Tracker Firmware : Security vulnerabilities, CVEs

Copy

CVE-2017-5239

Due to a lack of standard encryption when transmitting sensitive information over the internet to a centralized monitoring service, the Eview EV-07S GPS Tracker discloses personally identifying information, such as GPS data and IMEI numbers, to any man-in-the-middle (MitM) listener.

Max CVSS

7.5

EPSS Score

0.08%

Published

2017-03-27

Updated

2017-03-31

CVE-2017-5238

Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.

Max CVSS

5.3

EPSS Score

0.10%

Published

2017-03-27

Updated

2017-03-31

CVE-2017-5237

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Max CVSS

7.8

EPSS Score

0.10%

Published

2017-03-27

Updated

2017-03-31

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!