Vulnerabilities (CVE)

Filtered by vendor Tk-star Subscribe

Filtered by product Q90 Junior Gps Horloge Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-20470	1 Tk-star	2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware	2021-07-21	5.0 MEDIUM	7.5 HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
CVE-2019-20471	1 Tk-star	2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware	2021-02-05	7.2 HIGH	7.8 HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.