{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-09-27T12:54:21.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://chipolo.net/en-us/products/chipolo-one-4-pack"},{"tags":["x_refsource_MISC"],"url":"https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-37193","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://chipolo.net/en-us/products/chipolo-one-4-pack","refsource":"MISC","url":"https://chipolo.net/en-us/products/chipolo-one-4-pack"},{"name":"https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md","refsource":"MISC","url":"https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T10:21:33.299Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://chipolo.net/en-us/products/chipolo-one-4-pack"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/zhouxinan/CCS22MaaGIoT/blob/main/ChipoloONE.md"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-522","lang":"en","description":"CWE-522 Insufficiently Protected Credentials"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.4,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-22T13:51:20.244418Z","id":"CVE-2022-37193","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-22T13:51:24.235Z"}}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2022-37193","datePublished":"2022-09-27T12:54:21.000Z","dateReserved":"2022-08-01T00:00:00.000Z","dateUpdated":"2025-05-22T13:51:24.235Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}