Vulnerabilities > CVE-2022-33944 - Authorization Bypass Through User-Controlled Key vulnerability in Micodus Mv720 Firmware

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.

Vulnerable Configurations

Part Description Count
OS
Micodus
1
Hardware
Micodus
1