CVE-2020-17483

An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 Third Party Advisory US Government Resource
https://www.uffizio.com/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 Third Party Advisory US Government Resource
https://www.uffizio.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - Third Party Advisory, US Government Resource
References () https://www.uffizio.com/ - Product () https://www.uffizio.com/ - Product

20 Dec 2023, 16:39

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - () https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 - Third Party Advisory, US Government Resource
References () https://www.uffizio.com/ - () https://www.uffizio.com/ - Product
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*
First Time Uffizio
Uffizio gps Tracker

18 Dec 2023, 14:05

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-16 01:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17483

Mitre link : CVE-2020-17483

CVE.ORG link : CVE-2020-17483


JSON object : View

Products Affected

uffizio

  • gps_tracker