PT-2025-5848 · Forever · Forever Kidswatch Call Me Kw50

Lage Linusson-Hahn · Published 2025-02-06 · Updated 2025-02-06 · CVE-2024-36557

CVSS v3.1: 6.6 (Medium)
Vector: AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h
Forever KidsWatch Call Me 2 KW60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b

Description: The issue is related to the device ID being based on the IMEI. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app.
Recommendations: For Forever KidsWatch Call Me KW50 R36 YDR A3PW GM7S V1.0 2019 07 15 16.19.24 cob h, consider implementing an additional authentication mechanism to prevent unauthorized access. For Forever KidsWatch Call Me 2 KW60 R36CW YDE S4 A29 2 V1.0 2023.05.24 22.49.44 cob b, restrict access to the device ID and IMEI information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2024-36557

Affected Products

Forever Kidswatch Call Me 2 Kw60
Forever Kidswatch Call Me Kw50