cbcvebase.
CVE-2022-2141
published 2022-07-20

CVE-2022-2141: SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.17%
63.5th percentile
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.

Affected

1 ranges
VendorProductVersion rangeFixed in
micodusmv720

Detection & IOCsextracted from sources · hover to see the quote

  • SMS-based GPS commands can be sent to MiCODUS MV720 GPS tracker without any authentication — monitor for unauthenticated SMS command traffic targeting MV720 devices
  • The vulnerability allows an attacker to issue fuel cutoff commands and disarm alarms on MV720 trackers via unauthenticated SMS — alert on unexpected device state changes (fuel cutoff, alarm disarm) on MV720 fleet assets
  • ·No known public exploits specifically targeting CVE-2022-2141 have been identified at time of advisory publication
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.