CVE-2022-37193

high

Description

Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials.

References

https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md

https://chipolo.net/en-us/products/chipolo-one-4-pack

Details

Source: Mitre, NVD

Published: 2022-09-27

Updated: 2025-05-22

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N