Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39592

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39597

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39591

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39598

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

9.2CVSS5.9AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-9219

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS0.00203EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

8.7CVSS0.00232EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-9221

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/25 11:27 p.m.7 views

CVE-2026-9221 Setracker2 Children's Smartwatch Ecosystem Use of a Broken or Risky Cryptographic Algorithm

The Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the...

8.7CVSS5.8AI score0.00161EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/07/10 4:25 p.m.43 views

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Researchers are warning vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose. The vulnerabilities stem from the SETracker application, which is developed by Chinese developer 3G Electronics based out of Shenzhen City. The app,...

0.2AI score
Exploits0References13
Rows per page
Query Builder