MiCODUS MV720 GPS tracker default account | CVE-2022-2107

July 23, 2022

NAME

MiCODUS MV720 GPS tracker default account

  • Platforms Affected:
    MiCODUS MV720 GPS tracker
  • Risk Level:
    9.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

MiCODUS MV720 GPS tracker contains default hardcoded credentials in the API server. A remote attacker could exploit this vulnerability to issue SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Unavailable

MITIGATION

No remedy available as of July 22, 2022.

  • Reference Link:
    https://www.cisa.gov/uscert/ics/advisories/icsa-22-200-01
  • Reference Link:
    https://www.micodus.com/

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
Tags: , ,

You may have missed

image

CVE Alert: CVE-2023-31280

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: visualsystemas[.]com[.]ar

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: casarom[.]com[.]ar

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: gtsportcarrental[.]com

December 22, 2024
image

CVE Alert: CVE-2023-31279

December 22, 2024