CVE-2016-6539 - OpenCVE

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Thetrackr	Trackr Trackr Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:thetrackr:trackr_firmware::::::android::*
	cpe:2.3:o:thetrackr:trackr_firmware::::::iphone_os::*

cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/93874
https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/
https://www.kb.cert.org/vuls/id/617567
https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2018-07-06T21:00:00

Updated: 2024-08-06T01:36:27.350Z

Reserved: 2016-08-03T00:00:00

Link: CVE-2016-6539

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-06T21:29:00.280

Modified: 2019-10-09T23:19:12.830

Link: CVE-2016-6539

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["iOS"], "product": "Bravo Mobile Application", "vendor": "TrackR", "versions": [{"status": "unaffected", "version": "5.1.6"}]}, {"platforms": ["Android"], "product": "Bravo Mobile Application", "vendor": "TrackR", "versions": [{"status": "unaffected", "version": "2.2.5"}]}], "credits": [{"lang": "en", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "datePublic": "2016-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-07T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "93874", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93874"}, {"tags": ["x_refsource_MISC"], "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#617567", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/617567"}], "source": {"discovery": "UNKNOWN"}, "title": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2016-6539", "STATE": "PUBLIC", "TITLE": "TrackR Bravo MAC address can be exposed in close proximity and used to obtain the device ID"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bravo Mobile Application", "version": {"version_data": [{"affected": "!", "platform": "iOS", "version_affected": "!", "version_value": "5.1.6"}, {"affected": "!", "platform": "Android", "version_affected": "!", "version_value": "2.2.5"}]}}]}, "vendor_name": "TrackR"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Information Exposure"}]}]}, "references": {"reference_data": [{"name": "93874", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93874"}, {"name": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ", "refsource": "MISC", "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}, {"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", "refsource": "MISC", "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#617567", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/617567"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:36:27.350Z"}, "title": "CVE Program Container", "references": [{"name": "93874", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93874"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"name": "VU#617567", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/617567"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2016-6539", "datePublished": "2018-07-06T21:00:00", "dateReserved": "2016-08-03T00:00:00", "dateUpdated": "2024-08-06T01:36:27.350Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:android:*:*", "matchCriteriaId": "43EC4939-50C3-4104-96AB-DEC1FE156EF3", "versionEndExcluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:thetrackr:trackr_firmware:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "8FE04B1C-C57E-478C-8F6A-3C09D344C485", "versionEndExcluding": "5.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:thetrackr:trackr:-:*:*:*:*:*:*:*", "matchCriteriaId": "9905EBCF-AAE9-469A-AA16-76C43817F4CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541."}, {"lang": "es", "value": "El ID de los dispositivos Trackr se construye a partir de un identificador del vendedor de cuatro ceros seguido de la direcci\u00f3n MAC BLE al rev\u00e9s. Se puede obtener la direcci\u00f3n MAC estando cerca del dispositivo Bluetooth, exponiendo efectivamente el ID del dispositivo. El ID se puede utilizar para rastrear los dispositivos. El fabricante ha publicado las apps actualizadas (5.1.6 para iOS y 2.2.5 para Android) para solucionar las vulnerabilidades en CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 y CVE-2016-6541."}], "id": "CVE-2016-6539", "lastModified": "2019-10-09T23:19:12.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-06T21:29:00.280", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/93874"}, {"source": "cret@cert.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/617567"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/TNOY-AF3KCZ"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cret@cert.org", "type": "Secondary"}]}