Vulnerabilities > CVE-2019-20470 - Insecure Default Initialization of Resource vulnerability in Tk-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

tk-star

CWE-1188

NVD

Published: 2021-02-01

Updated: 2024-08-01

Summary

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.

Vulnerable Configurations

Part	Description	Count
OS	Tk-Star TK Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656	1
Hardware	Tk-Star TK Star Q90 Junior GPS Horloge -	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References