Vulnerabilities > CVE-2019-20473 - Unspecified vulnerability in Tk-Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

tk-star

NVD

Published: 2021-02-01

Updated: 2021-02-05

Summary

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.

Vulnerable Configurations

Part	Description	Count
OS	Tk-Star TK Star Q90 Junior GPS Horloge Firmware 3.1042.9.8656	1
Hardware	Tk-Star TK Star Q90 Junior GPS Horloge -	1

References

https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/
https://www.tk-star.com