Skip to main content

Mv720 Firmware

5 CVEs product

Monthly

CVE-2022-34150 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-33944 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2199 MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mv720 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-2141 CRITICAL Act Now

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-2107 CRITICAL Act Now

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 1% CVSS 5.4
MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain control by tricking a user into making a request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mv720 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mv720 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy