Mv720 Firmware Security Vulnerabilities and Issues — Mv720 Firmware CVE List

Lucene search

MicodusMv720 Firmware

5 matches found

CVE•added 2022/07/20 4:15 p.m.•2399 views

CVE-2022-2107

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number.

9.8CVSS9.7AI score0.00193EPSS

CVE•added 2022/07/20 4:15 p.m.•66 views

CVE-2022-34150

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.

7.1CVSS6.4AI score0.0009EPSS

CVE•added 2022/07/20 4:15 p.m.•64 views

CVE-2022-2141

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.

9.8CVSS9.7AI score0.00193EPSS

CVE•added 2022/07/20 4:15 p.m.•52 views

CVE-2022-2199

The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request.

7.5CVSS6.5AI score0.00201EPSS

CVE•added 2022/07/20 4:15 p.m.•51 views

CVE-2022-33944

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.

6.5CVSS6.8AI score0.00076EPSS