CVE-2022-0732 - Authorization Bypass Through User-Controlled Key vulnerability in 1Byte products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 9 |
Common Weakness Enumeration (CWE)
References
- https://cwe.mitre.org/data/definitions/284.html
- https://kb.cert.org/vuls/id/229438
- https://techcrunch.com/2022/02/22/stalkerware-network-spilling-data/
- https://www.kb.cert.org/vuls/id/229438