CVE-2017-5237

Summary

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

Affected Software

VendorProductVersion RangeStatus
EviewEV-07S GPS TrackerAllaffected

Weaknesses

  • Unauthenticated remote factory reset

ADP Enrichment

CVE Program Container

Additional References

References