Lucene search
IcscertCVE-2022-34150HistoryJul 20, 2022 - 4:15 p.m.
CVE-2022-34150
2022-07-2016:15:09
CWE-639
icscert
web.nvd.nist.gov
51
2
micodus
mv720
gps tracker
web server
vulnerability
secure
direct object reference
nvd
cve-2022-34150
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
22.7%
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
Affected configurations
Node
micodusmv720_firmwareMatch-
micodusmv720Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| micodus | mv720_firmware | - | cpe:2.3:o:micodus:mv720_firmware:-:*:*:*:*:*:*:* |
| micodus | mv720 | - | cpe:2.3:h:micodus:mv720:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "MV720",
"vendor": "MiCODUS",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]Social References
More
Related
prion
prion
Design/Logic Flaw
2022-07-20 16:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-34150
2022-07-20 16:15:09
ics
ics
MiCODUS MV720 GPS tracker (Update A)
2022-09-20 12:00:00
thn
thn
malwarebytes
malwarebytes
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
6.5
Confidence
High
EPSS
0.001
Percentile
22.7%
Related for CVE-2022-34150