CVE-2025-5485 affects SinoTrack’s IOT PC Platform and related GPS receiver management access. CISA says the web management interface uses a numerical device identifier as the username, capped at 10 digits, which allows a malicious actor to enumerate likely targets by incrementing or decrementing known identifiers or by trying random digit sequences. The advisory rates the issue HIGH and lists all versions [truncated]
CVE-2025-5484 describes weak authentication in the SinoTrack central device management interface. Each device uses a printed identifier as the username, and the default password is common across devices and not required to be changed during setup. Because device identifiers may be obtained from the device itself or from publicly posted photos, an attacker may be able to authenticate without authorized acc [truncated]
