CVE-2022-37193
HIGHChipolo ONE Bluetooth Tracker - Insufficiently Protected Credentials
Title source: llmDescription
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.
References (2)
Core 2
Core References
Product x_refsource_misc
https://chipolo.net/en-us/products/chipolo-one-4-pack
Third Party Advisory x_refsource_misc
https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md
Scores
CVSS v3
7.4
EPSS
0.0054
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (1)
chipolo/chipolo
4.13.0
Published
Sep 27, 2022
Tracked Since
Feb 18, 2026