Filtered by vendor Tk-star Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-20473 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2024-11-21 6.8 Medium
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
CVE-2019-20471 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2024-11-21 7.8 High
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
CVE-2019-20470 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2024-11-21 7.5 High
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
CVE-2019-20468 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2024-11-21 9.8 Critical
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.