cvedb.io
CVE-2025-51643
LOW · CVSS 2.4
EPSS exploitation probability: 0%
Published 2025-08-28T16:15:35.207 · Last modified 2026-06-17T09:35:43.747

Summary

Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter

Affected products

meitrack — t366l-g_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when meitrack ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.