Main Vulnerability Database Vulnerabilities #VU65568

Authorization bypass through user-controlled key in MV720 - CVE-2022-34150

Published: July 20, 2022

Vulnerability identifier: #VU65568

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-34150

CWE-ID: CWE-639

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MV720

Software vendor:
MiCODUS

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the main web server has an authenticated insecure direct object reference issue on endpoint and parameter device IDs. A remote user can cause the target application accepts arbitrary device IDs without further verification

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-200-01

Authorization bypass through user-controlled key in MV720 - CVE-2022-34150

Description

Remediation

External links

Please verify you're human