Vulnerabilities > Ieasytec

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2016-6545 Session Fixation vulnerability in Ieasytec Itrackeasy
Session cookies are not used for maintaining valid sessions in iTrack Easy.
network
low complexity
ieasytec CWE-384
5.0
2018-07-13 CVE-2016-6544 Improper Authentication vulnerability in Ieasytec Itrack Easy
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps.
network
low complexity
ieasytec CWE-287
5.0
2018-07-13 CVE-2016-6543 Improper Access Control vulnerability in Ieasytec Itrack Easy
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
network
ieasytec CWE-284
4.3
2018-07-13 CVE-2016-6542 Improper Input Validation vulnerability in Ieasytec Itrackeasy
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device.
network
ieasytec CWE-20
4.3