CVE-2019-20470

Related Files

TK-Star Q90 Junior GPS Horloge 3.1042.9.8656 Default Password

Posted Jul 30, 2024

Authored by Jasper Nota, Jim Blankendaal, Dennis van Warmerdam

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.

tags | advisory

advisories | CVE-2019-20470, CVE-2019-20471

SHA-256 | e8053fe5ffde193ef64f389c10296bdc5332d86109140c7971011eee3c2c7921

Download | Favorite | View

TK-Star Q90 Junior GPS Horlage 3.1042.9.8656 SMS Control

Posted Jul 30, 2024

Authored by Jasper Nota, Jim Blankendaal, Dennis van Warmerdam

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,password,call,mobile_number triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.

tags | advisory, telephony

advisories | CVE-2019-20470, CVE-2019-20471

SHA-256 | c037e2ee83a5523ffd033fa937fdfb763b41df886c5224e3cf246b802481b761

Download | Favorite | View