CVE-2016-6542— The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-6542
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device
Source: NVD (National Vulnerability Database)
Vulnerability Description
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
iTrack Easy 输入验证漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
iTrack Easy是一款多功能蓝牙设备。该设备支持与智能手机上的应用程序连接找到丢失或放错位置的东西等。 iTrack Easy中存在输入验证漏洞。远程攻击者可利用该漏洞跟踪设备的BLE MAC地址ID号。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2016-6542
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-6542
请登录查看更多情报信息。
Same Patch Batch · iTrack · 2018-07-13 · 5 CVEs total
| CVE-2016-6543 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts | |
| CVE-2016-6544 | iTrack Easy's getgps data can be modified without authentication | |
| CVE-2016-6545 | iTrack Easy does not use session cookies to maintain sessions and POSTs the users password | |
| CVE-2016-6546 | iTrack Easy mobile application stores the user password in base-64 encoding/cleartext |
IV. Related Vulnerabilities
Same product: Easy
Same vendor: iTrack
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2016-6542
No comments yet