CVE-2022-0732
Published 2022-02-24
Priority P273 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 2.47% (82.5th percentile)
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1byte | copy9 | — | — |
| 1byte | exactspy | — | — |
| 1byte | fonetracker | — | — |
| 1byte | guestspy | — | — |
| 1byte | ispyoo | — | — |
| 1byte | mxspy | — | — |
| 1byte | secondclone | — | — |
| 1byte | the_truth_spy | — | — |
| 1byte | thespyapp | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-0732 is an IDOR vulnerability in the shared backend infrastructure of the TheTruthSpy stalkerware network. The vulnerability was never patched by the operators, meaning victim data collected by the spyware remained exposed to unauthorized third parties via unauthenticated/unauthorized API requests. No specific endpoints, hashes, domains, or signatures are provided in the source material.
- The vulnerability class is Insecure Direct Object Reference (IDOR) affecting API authentication/authorization in a shared backend used by multiple mobile device monitoring (stalkerware) services. No actionable IOCs, exploit payloads, or detection signatures are documented in the available sources.
CVSS provenance
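| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |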
GHSA
GHSA-j85g-452w-9q39 (ghsa_unreviewed · 2022-02-25)
CVE-2022-0732 [HIGH] CWE-284
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
VulnCheck
1byte copy9 Improper Access Control
vulncheck·2022·CVSS 7.5
CVE-2022-0732 [HIGH] 1byte copy9 Improper Access Control
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Affected: 1byte copy9
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
No detection rules found.
No public exploits indexed.
Talos
Why the toothbrush DDoS story fooled us all
blogs_talos·2024-02-15
I’ll be the first to admit that, like many people on the internet last week, I got caught up in the toothbrush distributed denial-of-service attack that wasn’t.
I had a whole section on it written up in last week’s newsletter, and then I came across Graham Cluley’s blog post debunking the whole thing, and I had to delete it about an hour before the newsletter went live.
There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes. It all started with one international newspaper report, and then was aggregated to death and spread quickly on social media.
This attack was only a hypothetical that a security researcher posed in an interview but was reported or translated as an attac
- https://cwe.mitre.org/data/definitions/284.html
- https://kb.cert.org/vuls/id/229438
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://www.kb.cert.org/vuls/id/229438