Lucene search

[email protected]NVD:CVE-2022-33944

HistoryJul 20, 2022 - 4:15 p.m.

CVE-2022-33944

2022-07-2016:15:09

CWE-639

[email protected]

web.nvd.nist.gov

micodus mv720

gps tracker

web server

authenticated

insecure direct object references

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.

Affected configurations

Nvd

Node

micodusmv720_firmwareMatch-

AND

micodusmv720Match-

VendorProductVersionCPE
micodusmv720_firmware-cpe:2.3:o:micodus:mv720_firmware:-:*:*:*:*:*:*:*
micodusmv720-cpe:2.3:h:micodus:mv720:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
micodus	mv720_firmware	-	cpe:2.3:o:micodus:mv720_firmware:-:::::::*
micodus	mv720	-	cpe:2.3:h:micodus:mv720:-:::::::*

References

www.cisa.gov/uscert/ics/advisories/icsa-22-200-01

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.4%

JSON

Related for NVD:CVE-2022-33944

prion1 cvelist1 cve1 ics1 thn1 malwarebytes1