The Xelex MobileTrack application 2.3.7 and previous versions for Android does not verify the origin of SMS commands, which allows remote malicious users to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
xelex mobiletrack |
Vulmon