Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ICSA-22-200-01 MiCODUS MV720 GPS tracker Use of Hard-coded Credentials
Vulnerability Description
The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner’s mobile number.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的凭证
Vulnerability Title
MiCODUS MV720 GPS 信任管理问题漏洞
Vulnerability Description
MiCODUS MV720 GPS是美国MiCODUS公司的一款GPS追踪器。 MiCODUS MV720 GPS tracker 存在信任管理问题漏洞,该漏洞源于API 服务器具有允许设备使用硬编码主密码的身份验证机制。 这可能允许攻击者直接向 GPS 跟踪器发送 SMS 命令,就好像它们来自 GPS 所有者的手机号码一样。
CVSS Information
N/A
Vulnerability Type
N/A