Headline
One2Track 2019-12-08 Missing PIN
An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a “Remove PIN and restart!” message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
[Suggested description]
An issue was discovered on One2Track 2019-12-08 devices.
Any SIM card used with the device
cannot have a PIN configured. If a PIN is configured, the device simply produces a
“Remove PIN and restart!” message, and cannot be used. This makes it easier for
an attacker to use the SIM card by stealing the device.
[VulnerabilityType Other]
recommendation to disable common security measures
[Vendor of Product]
One2Track
[Affected Product Code Base]
One2Track - up to-date version as of 12-8-2019 (no exact version number)
[Affected Component]
SIM card security PIN
[Attack Type]
Physical
[CVE Impact Other]
recommendation to disable common security measures
[Attack Vectors]
Local
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Discoverer]
Dennis van Warmerdam, Jim Blankendaal, Jasper Nota
[Reference]
https://www.one2track.nl
Use CVE-2019-20472.