Lucene search
HistoryJul 20, 2022 - 4:15 p.m.
CVE-2022-2107
micodus mv720
gps tracker
api
authentication
flaw
sms commands
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.0%
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number.
Affected configurations
Node
micodusmv720Match-
micodusmv720_firmwareMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| micodus | mv720 | - | cpe:2.3:h:micodus:mv720:-:*:*:*:*:*:*:* |
| micodus | mv720_firmware | - | cpe:2.3:o:micodus:mv720_firmware:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
prion
prion
Hardcoded credentials
2022-07-20 16:15:00
cve
cve
CVE-2022-2107
2022-07-20 16:15:08
trellix
trellix
The Bug Report – July 2022 Edition
2022-08-03 00:00:00
The Bug Report – July 2022 Edition
2022-08-03 00:00:00
malwarebytes
malwarebytes
Vulnerabilities in GPS tracker could have “life-threatening” implications
2022-07-21 09:57:08
ics
ics
MiCODUS MV720 GPS tracker (Update A)
2022-09-20 12:00:00
thn
thn
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
57.0%
Related for NVD:CVE-2022-2107