Vulnerability Description
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tk-Star | Q90 Junior Gps Horloge Firmware | 3.1042.9.8656 |
| Tk-Star | Q90 Junior Gps Horloge | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Jul/14
- https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/Third Party Advisory
- https://www.tk-star.comVendor Advisory
- http://seclists.org/fulldisclosure/2024/Jul/14
- https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/Third Party Advisory
- https://www.tk-star.comVendor Advisory
FAQ
What is CVE-2019-20470?
CVE-2019-20470 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the wa...
How severe is CVE-2019-20470?
CVE-2019-20470 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-20470?
Check the references section above for vendor advisories and patch information. Affected products include: Tk-Star Q90 Junior Gps Horloge Firmware, Tk-Star Q90 Junior Gps Horloge.