4 matches found
EUVD-2022-34482
Malicious code in bioql PyPI...
CVE-2022-2199 ICSA-22-200-01 MiCODUS MV720 GPS tracker Cross-site Scripting
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request...
CVE-2022-34150 ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification...
MiCODUS MV720 GPS tracker
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: MiCODUS Equipment: MV720 GPS tracker Vulnerabilities: Use of Hard-coded Credentials, Improper Authentication, Cross-site Scripting, Authorization Bypass Through User-controlled Key 2. UPDATE OR REPOSTED...