CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
22.7%
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
Vendor | Product | Version | CPE |
---|---|---|---|
micodus | mv720_firmware | - | cpe:2.3:o:micodus:mv720_firmware:-:*:*:*:*:*:*:* |
micodus | mv720 | - | cpe:2.3:h:micodus:mv720:-:*:*:*:*:*:*:* |
[
{
"product": "MV720",
"vendor": "MiCODUS",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]
More