The Xelex MobileTrack application 2.3.7 and previous versions for Android does not verify the origin of SMS commands, which allows remote malicious users to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xelex mobiletrack |