One2Track 2019-12-08 Missing PIN
2024-7-30 20:35:43 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏

[Suggested description]
An issue was discovered on One2Track 2019-12-08 devices.
Any SIM card used with the device
cannot have a PIN configured. If a PIN is configured, the device simply produces a
"Remove PIN and restart!" message, and cannot be used. This makes it easier for
an attacker to use the SIM card by stealing the device.

------------------------------------------

[VulnerabilityType Other]
recommendation to disable common security measures

------------------------------------------

[Vendor of Product]
One2Track

------------------------------------------

[Affected Product Code Base]
One2Track - up to-date version as of 12-8-2019 (no exact version number)

------------------------------------------

[Affected Component]
SIM card security PIN

------------------------------------------

[Attack Type]
Physical

------------------------------------------

[CVE Impact Other]
recommendation to disable common security measures

------------------------------------------

[Attack Vectors]
Local

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Dennis van Warmerdam, Jim Blankendaal, Jasper Nota

------------------------------------------

[Reference]
https://www.one2track.nl

Use CVE-2019-20472.


文章来源: https://packetstormsecurity.com/files/179821/one2track-missingauth.txt
如有侵权请联系:admin#unsafe.sh