{"uuid": "9d0dbdc0-b376-47cb-87ed-c36b22640e51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2107", "type": "seen", "source": "https://t.me/poxek/2465", "content": "#CVE\n\n\u041a\u0442\u043e-\u043d\u0438\u0431\u0443\u0434\u044c \u0437\u043d\u0430\u0435\u0442 \u0445\u043e\u0440\u043e\u0448\u0435\u0433\u043e \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u044d\u043a\u0437\u043e\u0440\u0446\u0438\u0441\u0442\u0430?\nCVE-2022-2107\n\nThe MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This may allow an attacker to send SMS commands directly to the GPS tracker as if they were coming from the GPS owner\u2019s mobile number.", "creation_timestamp": "2022-09-07T09:00:04.000000Z"}