Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-5499: Shenzhen Reachfar V28 Information Exposure | INCIBE-CERT

Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week’s logs stored in the ‘log2’ directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.

CVE
#vulnerability#wifi

Affected Resources

Reachfar GPS v28.

Description

INCIBE has coordinated the publication of 1 vulnerability that affects Shenzhen Reachfar GPS v28, a personal GPS tracker, which has been discovered by Joel Serna Moreno.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-5499: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-200.

Solution

The reported vulnerability has been solved in the latest version of the affected product.

Detail

CVE-2023-5499: information exposure vulnerability, the exploitation of which could allow a remote attacker to retrieve all the week’s logs stored in the ‘log2’ directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907