CVE-2021-44480

Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.
References
Link Resource
https://news.drweb.com/show/?i=14350 Third Party Advisory
https://news.drweb.com/show/?i=14350 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wokkalokka:wokka_watch_q50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:wokkalokka:wokka_watch_q50:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://news.drweb.com/show/?i=14350 - Third Party Advisory () https://news.drweb.com/show/?i=14350 - Third Party Advisory

Information

Published : 2021-12-01 16:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44480

Mitre link : CVE-2021-44480

CVE.ORG link : CVE-2021-44480


JSON object : View

Products Affected

wokkalokka

  • wokka_watch_q50
  • wokka_watch_q50_firmware
CWE
CWE-319

Cleartext Transmission of Sensitive Information

CWE-1188

Insecure Default Initialization of Resource