Vulnerabilities > CVE-2022-2107 - Unspecified vulnerability in Micodus Mv720 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

micodus

critical

NVD

Published: 2022-07-20

Updated: 2024-11-21

Summary

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number.

Vulnerable Configurations

Part	Description	Count
OS	Micodus Micodus Mv720 Firmware -	1
Hardware	Micodus Micodus Mv720 -	1

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-200-01
https://www.cisa.gov/uscert/ics/advisories/icsa-22-200-01