CVE-2022-33944

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt