Search criteria
15 vulnerabilities found for gps_tracker by uffizio
FKIE_CVE-2020-17484
Vulnerability from fkie_nvd - Published: 2023-12-16 01:15 - Updated: 2024-11-21 05:08
Severity ?
Summary
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.uffizio.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.uffizio.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uffizio | gps_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirection vulnerability exists in Uffizio\u0027s GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de redirecci\u00f3n abierta en todas las versiones del GPS Tracker de Uffizio que permite a un atacante construir una URL dentro de la aplicaci\u00f3n que provoca una redirecci\u00f3n a un dominio externo arbitrario."
}
],
"id": "CVE-2020-17484",
"lastModified": "2024-11-21T05:08:12.560",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-16T01:15:07.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-17485
Vulnerability from fkie_nvd - Published: 2023-12-16 01:15 - Updated: 2024-11-21 05:08
Severity ?
Summary
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.uffizio.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.uffizio.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uffizio | gps_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability exist in Uffizio\u0027s GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en todas las versiones del GPS Tracker de Uffizio. El servidor web puede verse comprometido al cargar y ejecutar un shell web/inverso. Luego, un atacante podr\u00eda ejecutar comandos, explorar archivos del sistema y explorar recursos locales."
}
],
"id": "CVE-2020-17485",
"lastModified": "2024-11-21T05:08:12.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-16T01:15:07.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-17483
Vulnerability from fkie_nvd - Published: 2023-12-16 01:15 - Updated: 2024-11-21 05:08
Severity ?
Summary
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.uffizio.com/ | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.uffizio.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uffizio | gps_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del GPS Tracker de Uffizio que conduce a la divulgaci\u00f3n de informaci\u00f3n confidencial de todos los dispositivos conectados. Al visitar el host vulnerable en el puerto 9000, vemos que responde con un cuerpo JSON que tiene todos los detalles sobre los dispositivos que se han implementado."
}
],
"id": "CVE-2020-17483",
"lastModified": "2024-11-21T05:08:12.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-16T01:15:07.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.uffizio.com/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32927
Vulnerability from fkie_nvd - Published: 2022-04-22 15:15 - Updated: 2024-11-21 06:07
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uffizio | gps_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker."
},
{
"lang": "es",
"value": "Un atacante puede ser capaz de inyectar c\u00f3digo JavaScript del lado del cliente en m\u00faltiples instancias dentro de todas las versiones de Uffizio GPS Tracker"
}
],
"id": "CVE-2021-32927",
"lastModified": "2024-11-21T06:07:56.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-22T15:15:07.640",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-32929
Vulnerability from fkie_nvd - Published: 2022-04-22 15:15 - Updated: 2024-11-21 06:07
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| uffizio | gps_tracker | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:uffizio:gps_tracker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7119D7-17A7-46D4-A5D0-FE622C3F6AC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user."
},
{
"lang": "es",
"value": "Todas las versiones de Uffizio GPS Tracker pueden permitir a un atacante llevar a cabo acciones no deseadas en nombre de un usuario"
}
],
"id": "CVE-2021-32929",
"lastModified": "2024-11-21T06:07:56.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-22T15:15:07.707",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
CVE-2020-17483 (GCVE-0-2020-17483)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:51:18.073765",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17483",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17485 (GCVE-0-2020-17485)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability exist in Uffizio\u0027s GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:57:43.762115",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17485",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17484 (GCVE-0-2020-17484)
Vulnerability from cvelistv5 – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirection vulnerability exists in Uffizio\u0027s GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:54:38.971783",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17484",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32927 (GCVE-0-2021-32927)
Vulnerability from cvelistv5 – Published: 2022-04-22 15:01 – Updated: 2025-04-16 16:27
VLAI?
Title
Uffizio GPS Tracker Cross-site Scripting
Summary
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uffizio | GPS Tracker |
Affected:
All
|
Credits
Harshit Shukla reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:19.092005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:27:59.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GPS Tracker",
"vendor": "Uffizio",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:01:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uffizio GPS Tracker Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32927",
"STATE": "PUBLIC",
"TITLE": "Uffizio GPS Tracker Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPS Tracker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Uffizio"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32927",
"datePublished": "2022-04-22T15:01:26.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:27:59.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32929 (GCVE-0-2021-32929)
Vulnerability from cvelistv5 – Published: 2022-04-22 15:00 – Updated: 2025-04-16 16:28
VLAI?
Title
Uffizio GPS Tracker Cross-site Request Forgery
Summary
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uffizio | GPS Tracker |
Affected:
All
|
Credits
Harshit Shukla reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:23.031345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:08.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GPS Tracker",
"vendor": "Uffizio",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:00:23.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uffizio GPS Tracker Cross-site Request Forgery",
"workarounds": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32929",
"STATE": "PUBLIC",
"TITLE": "Uffizio GPS Tracker Cross-site Request Forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPS Tracker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Uffizio"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32929",
"datePublished": "2022-04-22T15:00:23.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:08.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17483 (GCVE-0-2020-17483)
Vulnerability from nvd – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in Uffizio\u0027s GPS Tracker all versions that lead to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:51:18.073765",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17483",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17485 (GCVE-0-2020-17485)
Vulnerability from nvd – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability exist in Uffizio\u0027s GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:57:43.762115",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17485",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17484 (GCVE-0-2020-17484)
Vulnerability from nvd – Published: 2023-12-16 00:00 – Updated: 2024-08-04 14:00
VLAI?
Summary
An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:47.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.uffizio.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirection vulnerability exists in Uffizio\u0027s GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-16T00:54:38.971783",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.uffizio.com/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-287-02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-17484",
"datePublished": "2023-12-16T00:00:00",
"dateReserved": "2020-08-11T00:00:00",
"dateUpdated": "2024-08-04T14:00:47.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32927 (GCVE-0-2021-32927)
Vulnerability from nvd – Published: 2022-04-22 15:01 – Updated: 2025-04-16 16:27
VLAI?
Title
Uffizio GPS Tracker Cross-site Scripting
Summary
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
Severity ?
7.1 (High)
CWE
- CWE-79 - Cross-site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uffizio | GPS Tracker |
Affected:
All
|
Credits
Harshit Shukla reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:19.092005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:27:59.873Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GPS Tracker",
"vendor": "Uffizio",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Cross-site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:01:26.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uffizio GPS Tracker Cross-site Scripting",
"workarounds": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32927",
"STATE": "PUBLIC",
"TITLE": "Uffizio GPS Tracker Cross-site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPS Tracker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Uffizio"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32927",
"datePublished": "2022-04-22T15:01:26.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:27:59.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32929 (GCVE-0-2021-32929)
Vulnerability from nvd – Published: 2022-04-22 15:00 – Updated: 2025-04-16 16:28
VLAI?
Title
Uffizio GPS Tracker Cross-site Request Forgery
Summary
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Uffizio | GPS Tracker |
Affected:
All
|
Credits
Harshit Shukla reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:53:23.031345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:28:08.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GPS Tracker",
"vendor": "Uffizio",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T15:00:23.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Uffizio GPS Tracker Cross-site Request Forgery",
"workarounds": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-32929",
"STATE": "PUBLIC",
"TITLE": "Uffizio GPS Tracker Cross-site Request Forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPS Tracker",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Uffizio"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Harshit Shukla reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Uffizio is aware of these vulnerabilities and has not supplied any mitigations or workarounds. Contact Uffizio for more information."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-32929",
"datePublished": "2022-04-22T15:00:23.000Z",
"dateReserved": "2021-05-13T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:28:08.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}