CVE-2016-6539

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.
References
Link Resource
http://www.securityfocus.com/bid/93874 Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ Exploit Technical Description Third Party Advisory
https://www.kb.cert.org/vuls/id/617567 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/93874 Third Party Advisory VDB Entry
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ Exploit Technical Description Third Party Advisory
https://www.kb.cert.org/vuls/id/617567 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:android:*:*
cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:iphone_os:*:*
cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:56

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/93874 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/93874 - Third Party Advisory, VDB Entry
References () https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ - Exploit, Technical Description, Third Party Advisory () https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/ - Exploit, Technical Description, Third Party Advisory
References () https://www.kb.cert.org/vuls/id/617567 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/617567 - Third Party Advisory, US Government Resource
References () https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ - Third Party Advisory, US Government Resource

Information

Published : 2018-07-06 21:29

Updated : 2024-11-21 02:56


NVD link : CVE-2016-6539

Mitre link : CVE-2016-6539

CVE.ORG link : CVE-2016-6539


JSON object : View

Products Affected

thetrackr

  • trackr_firmware
  • trackr
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor