CVE-2019-20469

{"id": "CVE-2019-20469", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-11-07T21:15:05.540", "references": [{"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "source": "cve@mitre.org"}, {"url": "https://www.one2track.nl", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-922"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos One2Track el 8 de diciembre de 2019. La informaci\u00f3n confidencial se almacena innecesariamente en el reloj inteligente. Los archivos de audio se almacenan en formato .amr, en el directorio audior. Un atacante que tenga acceso f\u00edsico puede recuperar todos los archivos de audio conect\u00e1ndose a trav\u00e9s de un cable USB."}], "lastModified": "2024-11-08T19:01:03.880", "sourceIdentifier": "cve@mitre.org"}