The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an malicious user to gain control by tricking a user into making a request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
micodus mv720_firmware - |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources About '1.5 million' folks and organizations use these gadgets What do you want The Register to do for you?
A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws. Two of the bugs received a 9.8 out of 10 CVSS severity rating. They can be exploited to send commands to a tracker device to execute with no meaningful authentication; the others involve some degree of remote exploitation. "Successful ...