PT-2021-9034 · Tk Star · Tk-Star Q90 Junior Gps Horloge

Published: 2021-02-01 · Updated: 2024-08-08 · CVE-2019-20470

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TK-Star Q90 Junior GPS horloge version 3.1042.9.8656

Description: An issue was discovered in the TK-Star Q90 Junior GPS horloge, where it performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password. For example, the command pw,<password>,call,<mobile number> can trigger an outbound call from the watch. The password may sometimes be available due to previous security issues.

Recommendations: For TK-Star Q90 Junior GPS horloge version 3.1042.9.8656, consider changing the default password to prevent unauthorized access and use of the voice communication feature. As a temporary workaround, restrict the watch's ability to receive and process SMS commands until a patch or fix is available.

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2019-20470

Affected Products: Tk-Star Q90 Junior Gps Horloge