cbcvebase.
CVE-2022-0732
published 2022-02-24

CVE-2022-0732: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR…

PriorityP273high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
2.47%
82.5th percentile
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.

Affected

9 ranges
VendorProductVersion rangeFixed in
1bytecopy9
1byteexactspy
1bytefonetracker
1byteguestspy
1byteispyoo
1bytemxspy
1bytesecondclone
1bytethe_truth_spy
1bytethespyapp

Detection & IOCsextracted from sources · hover to see the quote

  • ·CVE-2022-0732 is an IDOR vulnerability in the shared backend infrastructure of TheTruthSpy stalkerware network. The vulnerability was never patched by the operators, meaning victim data collected by the spyware remained exposed to unauthorized third parties via unauthenticated/unauthorized API requests. No specific endpoints, hashes, domains, or signatures are provided in the source material.
  • ·The vulnerability class is Insecure Direct Object Reference (IDOR) affecting API authentication/authorization in a shared backend used by multiple mobile device monitoring (stalkerware) services. No actionable IOCs, exploit payloads, or detection signatures are documented in the available sources.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.