getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.
Credits
Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability.
