Shenzhen Reachfar Device Users Beware of New Information Exposure Vulnerability

CVE: CVE-2023-5499
CVSS (v3.1): 7.5
Source: CVE-2023-5499

The Shenzhen Reachfar device, a popular emergency alert tool, has been found to have a vulnerability that could allow hackers to access sensitive user information.

The vulnerability, tracked as CVE-2023-5499, has a CVSS score of 7.5, indicating high severity. It allows a remote attacker to retrieve logs stored in the device’s ‘log2’ directory. These logs include data such as remembered Wi-Fi networks, messages sent through the device, locations shared during SOS alerts, and device configuration details.

By exploiting this vulnerability, a hacker could potentially monitor how users communicate and interact with their devices. They could also obtain private network information and trace locations of users when they activated emergency alerts.

All Shenzhen Reachfar device owners are advised to update to the latest firmware version immediately. Regular security updates should also be installed to patch any discovered issues. Users should be cautious about connecting to public wireless networks with their devices until the company resolves this vulnerability.

Strong access controls and encryption of sensitive data at rest would help mitigate risks from such information leaks. Shenzhen Reachfar is investigating this issue and working to roll out fixes soon. In the interim, vigilance is recommended when using these devices.
