Filtered by vendor Micodus
Subscriptions
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2141 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2023-07-24 | 9.8 Critical |
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | ||||
CVE-2022-2107 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | 9.8 Critical |
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number. | ||||
CVE-2022-2199 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | 6.1 Medium |
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request. | ||||
CVE-2022-33944 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | 6.5 Medium |
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. | ||||
CVE-2022-34150 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | 5.4 Medium |
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification. |
Page 1 of 1.