CVE-2022-34150
Published 2022-07-20
Priority P4 · 31 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.62% (45.4th percentile)
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| micodus | mv720 | — | — |
CISA ICS
MiCODUS MV720 GPS tracker (Update A)
cisa_ics·2022-07-19·CVSS 9.8
[CRITICAL] MiCODUS MV720 GPS tracker (Update A)
ICS Advisory
## MiCODUS MV720 GPS tracker (Update A)
Last Revised: September 20, 2022
Alert Code: ICSA-22-200-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: MiCODUS
- Equipment: MV720 GPS tracker
- Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, Authorization Bypass Through User-controlled Key
## 2. UPDATE OR REPOSTED INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-22-200-01 MiCODUS MV720 GPS tracker that was published July 19, 2022, on the ICS webpa
GHSA
GHSA-7mhv-mcwq-rh85: The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs
ghsa_unreviewed·2022-07-21
CVE-2022-34150 [MEDIUM] CWE-639 GHSA-7mhv-mcwq-rh85: The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-07-20
Published