[Suggested description] An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device. ------------------------------------------ [VulnerabilityType Other] recommendation to disable common security measures ------------------------------------------ [Vendor of Product] One2Track ------------------------------------------ [Affected Product Code Base] One2Track - up to-date version as of 12-8-2019 (no exact version number) ------------------------------------------ [Affected Component] SIM card security PIN ------------------------------------------ [Attack Type] Physical ------------------------------------------ [CVE Impact Other] recommendation to disable common security measures ------------------------------------------ [Attack Vectors] Local ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true ------------------------------------------ [Discoverer] Dennis van Warmerdam, Jim Blankendaal, Jasper Nota ------------------------------------------ [Reference] https://www.one2track.nl Use CVE-2019-20472.