CVE-2016-6544— iTrack Easy's getgps data can be modified without authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-6544
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
iTrack Easy's getgps data can be modified without authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
iTrack Easy 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
iTrack Easy是一款多功能蓝牙设备。该设备支持与智能手机上的应用程序连接找到丢失或放错位置的东西等。 iTrack Easy中存在授权问题漏洞,该漏洞源于程序没有实施身份验证机制。远程攻击者可通过设置数据使用‘parametercmd:setothergps’函数利用该漏洞修改丢失设备的GPS数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2016-6544
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-6544
Please Login to view more intelligence information
Same Patch Batch · iTrack · 2018-07-13 · 5 CVEs total
| CVE-2016-6542 | The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the d | |
| CVE-2016-6543 | A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts | |
| CVE-2016-6545 | iTrack Easy does not use session cookies to maintain sessions and POSTs the users password | |
| CVE-2016-6546 | iTrack Easy mobile application stores the user password in base-64 encoding/cleartext |
IV. Related Vulnerabilities
Same product: Easy
Same vendor: iTrack
Same weakness: CWE-306
- CVE-2026-8185
UGREEN CM933 Administrative missing authentication - CVE-2026-42302
FastGPT: Unauthenticated Remote Code Execution (RCE) via cod - CVE-2026-42176
Scoold: Persistent Admin Takeover by Overwriting the admins - CVE-2026-44338
PraisonAI ships and generates a legacy API server with authe - CVE-2026-6736
Authentication bypass vulnerability in GitHub Enterprise Ser
V. Comments for CVE-2016-6544
No comments yet