PT-2024-10739 · One2Track · One2Track
Published
2024-11-07
·
Updated
2024-11-10
·
CVE-2019-20469
CVSS v3.1
4.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
One2Track version 2019-12-08
Description
An issue was discovered where confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable.
Recommendations
For One2Track version 2019-12-08, update to the latest firmware and apply all security patches immediately to mitigate potential threats. As a temporary workaround, consider restricting access to the audior directory to minimize the risk of exploitation.
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
One2Track