The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference (IDOR) vulnerability in its handling of endpoint and parameter device IDs: it accepts arbitrary device IDs without further verification.
Vulnerable Product |
---|
micodus mv720_firmware - |
'1.5 million' folks and organizations use these gadgets
A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals to disrupt fleet operations and spy on routes, or even remotely control or cut off fuel to vehicles, according to CISA. And there's no fixes for these security flaws. Two of the bugs received a 9.8 out of 10 CVSS severity rating. They can be exploited to send commands to a tracker device to execute with no meaningful authentication; the others involve some degree of remote exploitation. "Successful ...