1. CVE-Search
  2. CVE-2012-2567
ID CVE-2012-2567
Summary The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session.
References
Vulnerable Configurations
  • cpe:2.3:a:xelex:mobiletrack:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:xelex:mobiletrack:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
    cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
refmap via4
bid 53634
cert-vn VU#464683
misc http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/
secunia 49268
xf mobiletrack-ftp-info-disclosure(75783)
Last major update 29-08-2017 - 01:31
Published 22-05-2012 - 15:55
Last modified 29-08-2017 - 01:31
Back to Top