CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...

CVE-2019-20471

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used 123456 for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-2047...

Default credentials

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password,...

CVE-2019-20468

The CVE-2019-20468 entry applies to SeTracker2 for TK-Star Q90 Junior GPS watch, version 3.1042.9.8656. Affected component/behavior: the software requests unnecessary permissions (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_CONTACTS), enabling access to local data and contacts. Root cause...

CVE-2019-20468

An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READEXTERNALSTORAGE, WRITEEXTERNALSTORAGE, and READCONTACTS...

CVE-2019-20473

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use...

CVE-2019-20471

The CVE-2019-20471 entry concerns TK-Star Q90 Junior GPS horloge (firmware 3.1042.9.8656). The issue is that during initial setup a default admin password (123456) is used with no prompt to change it, enabling potential unauthorized administrative access. The connected Red Hat CVEs indicate this ...

CVE-2019-20470

The TK-Star Q90 Junior GPS watch (firmware 3.1042.9.8656) is affected by CVE-2019-20470 and CVE-2019-20471. A default administrative password (123456) is used at initial setup and there is no prompt to change it. An SMS with the proper password, e.g., pw,,call,, can trigger the watch to initiate ...

PT-2021-9035 · Unknown · Tk-Star Q90 Junior Gps

Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 Description: A security issue was found in the initial setup of the device, where a default password 123456 is used for administrative purposes without prompting the user to change it. This...