Dennis Van Warmerdam

**Name of the Vulnerable Software and Affected Versions** One2Track version 2019-12-08 **Description** An issue was discovered where any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device produces a "Remove PIN and restart!" message and cannot be used, making it easier for an attacker to use the SIM card by stealing the device. **Recommendations** For One2Track version 2019-12-08, consider removing the PIN from the SIM card to allow the device to function, as a temporary workaround until a more permanent solution is available. However, this does not mitigate the underlying issue and users are urged to update to the latest version as soon as possible to ensure the security of their devices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sannce Smart HD Wifi Security Camera (affected versions not specified) **Description** An issue was discovered on Sannce Smart HD Wifi Security Camera devices, where a TELNET interface is available by default, although not advertised or functionally used. Two backdoor accounts, `root` and `default`, exist on this interface, with the same usernames and passwords on all devices. Attackers can use these backdoor accounts to obtain access and execute code as `root` within the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeTracker2 for TK-Star Q90 Junior GPS horloge version 3.1042.9.8656 **Description** An issue was discovered in the software, where it has unnecessary permissions such as `READ EXTERNAL STORAGE`, `WRITE EXTERNAL STORAGE`, and `READ CONTACTS`. **Recommendations** For version 3.1042.9.8656, consider restricting the use of unnecessary permissions to minimize potential risks until a patch or update is available.