30 matches found
EUVD-2022-34426
Malicious code in bioql PyPI...
EUVD-2022-34482
Malicious code in bioql PyPI...
CISA Releases Eight Industrial Control Systems Advisories
CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories...
The Bug Report – July 2022 Edition
The Bug Report – July 2022 Edition. By Trellix · August 3, 2022. This story was also written by Kasimir Schulz and Jesse Chick. Your Cybersecurity Comic Relief. Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at it...
Critical Vulnerabilities in GPS Trackers
This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720, a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other...
CVE-2022-34150
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...
CVE-2022-2199
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request...
CVE-2022-33944
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...
CVE-2022-2107
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2022-2141
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
Design/Logic Flaw
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...
Authentication flaw
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
Cross site scripting
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request...
CVE-2022-2107 ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number...
CVE-2022-33944 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs...
CVE-2022-33944
The CVE-2022-33944 case concerns MiCODUS MV720 GPS tracker’s web server, which is vulnerable to an authenticated insecure direct object reference (IDOR) on the endpoint and the POST parameter “Device ID,” allowing arbitrary device IDs to be supplied. This vulnerability is highlighted in the ICS a...
CVE-2022-2141 ICSA-22-200-01 MiCODUS MV720 GPS tracker Improper Authentication
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication...
CVE-2022-2199 ICSA-22-200-01 MiCODUS MV720 GPS tracker Cross-site Scripting
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request...