PT-2026-52634 · Shenzhen I365 Tech Co. · Setracker2 Parental Control App (Android) Package Com.Tgelec.Setracker
Huancheng Hu
·
Published
2026-06-25
·
Updated
2026-06-26
·
CVE-2026-9219
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Setracker2 Parental Control App (Android) Package Com.Tgelec.Setracker