CVE-2022-37193

HIGH

Chipolo - Insufficiently Protected Credentials

Title source: rule

Description

Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.

References (2)

[Product] https://chipolo.net/en-us/products/chipolo-one-4-pack

[Third Party Advisory] https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md

View Writeup ZIP pw:eip

Scores

CVSS v3 7.4

EPSS 0.0025

EPSS Percentile 48.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

chipolo/chipolo

Timeline

Published Sep 27, 2022

Tracked Since Feb 18, 2026