CVE-2022-33944

MEDIUM

MiCODUS MV720 - Info Disclosure

Title source: llm

Description

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource x_refsource_confirm

https://www.cisa.gov/uscert/ics/advisories/icsa-22-200-01

Scores

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

micodus/mv720_firmware

Published Jul 20, 2022

Tracked Since Feb 18, 2026