HIGHCVE-2026-9219Published Modified CNA icscert
CVE-2026-9219: Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.
Metrics
- CVSS v4.0
- 8.3
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Shenzhen i365-Tech Co. Ltd. / Setracker2 Parental Control App (Android) package com.tgelec.setracker≤ 3.1.5
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:NReferences