ICSA-25-160-01  ·  Published 2025-06-10

SinoTrack GPS Receiver

CVSS 8.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to access device profiles for which they are not authorized through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported.

Remediations

  • SinoTrack did not respond to CISA's request for coordination. Please contact SinoTrack for more information.
  • CISA recommends that device users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
      ◦ Change the default password to a unique, complex password as soon as is practical in the management interface available at https://sinotrack.com/.
      ◦ Conceal the device identifier. If the sticker is visible on publicly accessible photographs, consider deleting or replacing the pictures to protect the identifier.

Affected Vendors

SinoTrack

Affected Products (1)

SinoTrack · SinoTrack IOT PC Platform vers:all/*

Affected Sectors

Communications
