[Suggested description]
An issue was discovered on One2Track 2019-12-08 devices.
Any SIM card used with the device
cannot have a PIN configured. If a PIN is configured, the device simply produces a
"Remove PIN and restart!" message, and cannot be used. This makes it easier for
an attacker to use the SIM card by stealing the device.------------------------------------------
[VulnerabilityType Other]
recommendation to disable common security measures
------------------------------------------
[Vendor of Product]
One2Track
------------------------------------------
[Affected Product Code Base]
One2Track - up to-date version as of 12-8-2019 (no exact version number)
------------------------------------------
[Affected Component]
SIM card security PIN
------------------------------------------
[Attack Type]
Physical
------------------------------------------
[CVE Impact Other]
recommendation to disable common security measures
------------------------------------------
[Attack Vectors]
Local
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Dennis van Warmerdam, Jim Blankendaal, Jasper Nota
------------------------------------------
[Reference]
https://www.one2track.nl
Use CVE-2019-20472.