ID
VAR-202209-1855
CVE
CVE-2022-37193
TITLE
iPhone OS for chipolo Vulnerability regarding insufficient protection of authentication information in
Trust: 0.8
DESCRIPTION
Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials. iPhone OS for chipolo There are vulnerabilities in inadequate protection of credentials.Information may be obtained and information may be tampered with
Trust: 1.71
IOT TAXONOMY
| category: | ['industrial device'] | sub_category: | tracker | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | chipolo | model: | chipolo | scope: | eq | version: | 4.13.0 | Trust: 1.8 |
| vendor: | chipolo | model: | chipolo | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | chipolo | model: | chipolo | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-522 | Trust: 1.0 |
| problemtype: | Inadequate protection of credentials (CWE-522) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-37193 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-018110 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202209-2813 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-37193 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/zhouxinan/ccs22maagiot/blob/main/chipoloone.md | Trust: 2.5 |
| url: | https://chipolo.net/en-us/products/chipolo-one-4-pack | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-37193 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-37193/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | VULMON | id: | CVE-2022-37193 |
| db: | JVNDB | id: | JVNDB-2022-018110 |
| db: | CNNVD | id: | CNNVD-202209-2813 |
| db: | NVD | id: | CVE-2022-37193 |
LAST UPDATE DATE
2025-05-22T21:24:15.274000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-37193 | date: | 2022-09-28T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018110 | date: | 2023-10-18T08:11:00 |
| db: | CNNVD | id: | CNNVD-202209-2813 | date: | 2022-10-08T00:00:00 |
| db: | NVD | id: | CVE-2022-37193 | date: | 2025-05-22T14:15:58.603 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-37193 | date: | 2022-09-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-018110 | date: | 2023-10-18T00:00:00 |
| db: | CNNVD | id: | CNNVD-202209-2813 | date: | 2022-09-27T00:00:00 |
| db: | NVD | id: | CVE-2022-37193 | date: | 2022-09-27T23:15:14.417 |