NVD

Id
44304  
Name
CVE-2012-2562  
Description
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-05-22  
Modified Date
2013-05-24  
Seq
2012-2562  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
222360 44304 CVE-2012-2562 http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/  View
222361 44304 CVE-2012-2562 VU#464683  View
222362 44304 CVE-2012-2562 53634  View
222363 44304 CVE-2012-2562 mobiletrack-sms-commands-sec-bypass(75782)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26768 JVNDB-2012-002475 Android 用の Xelex MobileTrack アプリケーションにおけるコマンドを実行される脆弱性 Android 用の Xelex MobileTrack アプリケーションは、SMS コマンドの発信元を検証しないため、(1) LOCATE、(2) TRACK、(3) UPDATECFG、(4) UPDATEACCT、(5) STAT、(6) TERM、または (7) WIPE コマンドを実行される脆弱性が存在します。 CVE-2012-2562 55800 CVE-2012-2562 44304 7.6 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002475.html 2012-05-22 2012-05-23 View