Authentication Vulnerability in SinoTrack Device Management Interface
CVE-2025-5484
7.6 HIGH
What is CVE-2025-5484?
The SinoTrack device management interface uses a common default password, and the setup process does not require it to be changed. The username is tied to the device's identifier, which is publicly accessible, so a malicious actor who knows an identifier can log in to the device with the default password. Because password modification is not enforced during installation, the risk of unauthorized access increases, especially when device identifiers can be captured from easily accessible images online.
Affected Version(s)
IOT PC Platform: All versions
CVSS V4
Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Raúl Ignacio Cruz Jiménez reported these vulnerabilities to CISA.