CVE-2022-34150
ICSA-22-200-01 MiCODUS MV720 GPS tracker Authorization Bypass Through User-Controlled Key
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Productos afectados
MiCODUS · MV720¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →