216.73.216.169

CVE-2024-36557

· Published 06/02/2025 18:15 · Modified 10/02/2025 15:15

Labels: CVE-2024-36557 2025-02-06CVE-2024-36557CWE-290[email protected]

Essential information

Published
06/02/2025 18:15
Modified
10/02/2025 15:15
Author
Creator
CVSS
6.6 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References