CVE-2019-20471

{"id": "CVE-2019-20471", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-02-01T21:15:13.670", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Jul/14", "source": "cve@mitre.org"}, {"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.tk-star.com", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/14", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.eurofins-cybersecurity.com/news/connected-devices-smart-watches/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tk-star.com", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos TK-Star Q90 Junior GPS horloge versi\u00f3n 3.1042.9.8656. Cuando se usa el dispositivo en la configuraci\u00f3n inicial, una contrase\u00f1a predeterminada es usada (123456) con fines administrativos. No existe ning\u00fan mensaje para cambiar esta contrase\u00f1a. Tome en cuenta que esta contrase\u00f1a puede ser usada en combinaci\u00f3n con el CVE-2019-20470"}], "lastModified": "2024-11-21T04:38:33.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tk-star:q90_junior_gps_horloge_firmware:3.1042.9.8656:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "577BCAEA-0DF3-42A0-8662-5155D9C208D7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tk-star:q90_junior_gps_horloge:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3DBB04DB-ED55-4752-8D25-E6EFD8448648"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}