Vulnerabilities > Ieasytec > Itrack Easy

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2016-6544 Improper Authentication vulnerability in Ieasytec Itrack Easy
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps.
network
low complexity
ieasytec CWE-287
7.5
7.5
2018-07-13 CVE-2016-6543 Improper Access Control vulnerability in Ieasytec Itrack Easy
A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.
network
high complexity
ieasytec CWE-284
5.9
5.9