Vulnerabilities > CVE-2022-33944 - Authorization Bypass Through User-Controlled Key vulnerability in Micodus Mv720 Firmware

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
micodus
CWE-639

Summary

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.

Vulnerable Configurations

Part Description Count
OS
Micodus
1
Hardware
Micodus
1