2024-7-30 20:35:43 Author: packetstormsecurity.com(查看原文) 阅读量:0 收藏
[Suggested description]
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices.
When using the device at initial setup, a default password is used
(123456) for administrative purposes. There is no prompt to change this password.
Note that this password can be used in combination with CVE-2019-20470.------------------------------------------
[Vulnerability Type]
Incorrect Access Control
------------------------------------------
[Vendor of Product]
TK-star
------------------------------------------
[Affected Product Code Base]
TK-Star Q90 Junior GPS horloge - 3.1042.9.8656
------------------------------------------
[Affected Component]
Smartwatch
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker needs to send an SMS to the device's mobile number.
Knowledge of the mobile number is required before this vulnerability
can be exploited.
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Dennis van Warmerdam, Jasper Nota, Jim Blankendaal
------------------------------------------
[Reference]
https://www.tk-star.com
Use CVE-2019-20471.
如有侵权请联系:admin#unsafe.sh