HIGHCVE-2026-9220Published Modified CNA icscert
CVE-2026-9220: Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- Shenzhen i365-Tech Co. Ltd. / Setracker2 Parental Control App (Android) package com.tgelec.setracker≤ 3.1.5
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:NReferences