Lucene search
IcscertCVELIST:CVE-2022-33944HistoryJul 20, 2022 - 3:24 p.m.
CVE-2022-33944 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key
2022-07-2015:24:26
CWE-639
icscert
www.cve.org
8
micodus mv720
gps tracker
authorization bypass
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
28.4%
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.
CNA Affected
[
{
"product": "MV720",
"vendor": "MiCODUS",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2022-07-20 16:15:00
nvd
nvd
CVE-2022-33944
2022-07-20 16:15:09
cve
cve
CVE-2022-33944
2022-07-20 16:15:09
ics
ics
MiCODUS MV720 GPS tracker (Update A)
2022-09-20 12:00:00
thn
thn
malwarebytes
malwarebytes
Vulnerabilities in GPS tracker could have “life-threatening” implications
2022-07-21 09:57:08
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
28.4%
Related for CVELIST:CVE-2022-33944