Shenzhen Reachfar v28 information exposure
Posted date 10/10/2023
Identificador
INCIBE-2023-0433
Importance
4 - High
Affected Resources
Reachfar GPS v28.
Description
INCIBE has coordinated the publication of 1 vulnerability that affects Shenzhen Reachfar GPS v28, a personal GPS tracker, which has been discovered by Joel Serna Moreno.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-5499: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-532.
Solution
The reported vulnerability has been solved in the latest version of the affected product.
Detail
CVE-2023-5499: information exposure vulnerability, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.