N/A

The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message.

N/A

N/A

Xelex MobileTrack输入验证漏洞

基于Android平台的Xelex MobileTrack应用程序2.3.7及之前版本中存在漏洞，该漏洞源于未核实SMS命令的源头。远程攻击者可利用该漏洞借助SMS信息，执行（1）LOCATE，（2）TRACK，（3）UPDATECFG，（4）UPDATEACCT，（5）STAT，（6）TERM或（7）WIPE命令。

N/A

N/A