Browse all 4 CVE security advisories affecting TrackR. AI-powered Chinese analysis, POCs, and references for each vulnerability.
TrackR is a device tracking service enabling users to locate lost items via Bluetooth connectivity. Historically, the platform has been susceptible to multiple remote code execution and cross-site scripting vulnerabilities due to improper input validation and insecure API endpoints. Privilege escalation issues have also been identified, allowing unauthorized access to user accounts and location data. The service maintains four CVE records, with vulnerabilities primarily centered on web application security flaws. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices and input sanitization within their tracking infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-6538 | TrackR Bravo mobile application stores account passwords in cleartext — Bravo Mobile Application, CWE-313 | 8.8 | - | 2018-07-06 |
| CVE-2016-6539 | TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID — Bravo Mobile Application, CWE-200 | 3.5 | - | 2018-07-06 |
| CVE-2016-6540 | TrackR Bravo is missing authentication for the cloud service and allows querying or sending of GPS data from unauthenticated users — Bravo Mobile Application, CWE-306 | 8.1 | - | 2018-07-06 |
| CVE-2016-6541 | TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes — Bravo Mobile Application, CWE-306 | 8.8 | - | 2018-07-06 |
This page lists every published CVE security advisory associated with TrackR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.