Lage Linusson-Hahn

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW-50 version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h Description: The issue concerns a Man-In-The-Middle (MITM) attack. A MITM attack is a type of cyber attack where an attacker intercepts and alters communication between two parties, often to eavesdrop or impersonate one of the parties. Recommendations: For version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW-50 version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h Forever KidsWatch Call Me KW-60 version R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b Description: The issue allows a malicious user to obtain information about the device by sending an SMS to the device, which returns sensitive information. Recommendations: For Forever KidsWatch Call Me KW-50 version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, at the moment, there is no information about a newer version that contains a fix for this issue. For Forever KidsWatch Call Me KW-60 version R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h Forever KidsWatch Call Me 2 KW-60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b Description: The built-in SMS configuration command in the affected devices allows malicious users to change the device's IMEI number, enabling them to forge the device's identity. Recommendations: For Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, consider disabling the SMS configuration command until a patch is available. For Forever KidsWatch Call Me 2 KW-60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b, restrict access to the built-in SMS configuration command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW50 version 1.0 Forever KidsWatch Call Me 2 KW60 version 1.0 Description: The issue is related to a hardcoded password, which poses a significant security risk. This allows unauthorized access to the devices. Recommendations: For Forever KidsWatch Call Me KW50 version 1.0, consider changing the hardcoded password to a unique and secure password. For Forever KidsWatch Call Me 2 KW60 version 1.0, consider changing the hardcoded password to a unique and secure password. As a temporary workaround, consider restricting access to the device until a patch is available.

Name of the Vulnerable Software and Affected Versions: Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h Forever KidsWatch Call Me 2 KW60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b Description: The issue is related to the device ID being based on the IMEI. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app. Recommendations: For Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, consider implementing an additional authentication mechanism to prevent unauthorized access. For Forever KidsWatch Call Me 2 KW60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b, restrict access to the device ID and IMEI information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Forever KidsWatch Call Me KW-50 version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h **Description** The issue is related to the transmission of sensitive information in plaintext due to a lack of encryption in device-server communication. This affects the confidentiality of the data being transmitted. **Recommendations** For version R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, consider implementing encryption for device-server communication to protect sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.