CVE-2019-20468
Description
SeTracker2 app on TK-Star Q90 Junior GPS watch has unnecessary permissions (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_CONTACTS), risking data exposure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SeTracker2 app on TK-Star Q90 Junior GPS watch has unnecessary permissions (READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, READ_CONTACTS), risking data exposure.
Vulnerability
The SeTracker2 app on TK-Star Q90 Junior GPS horloge (version 3.1042.9.8656) has unnecessary permissions including READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS [1]. These permissions are not required for the app's core functionality, potentially exposing sensitive user data.
Exploitation
An attacker with physical access to the device or through a malicious app on the same device could exploit these permissions to read or write external storage and access contacts without additional user consent [1].
Impact
Exploitation could lead to unauthorized access to sensitive data stored on the device, including contacts and files, compromising user privacy [1].
Mitigation
The vendor has not released a fixed version as of the publication date. Users should review and restrict app permissions via device settings, and consider the device's potential end-of-life status [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- SeTracker2/SeTracker2 for TK-Star Q90 Junior GPS horlogedescription
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
3News mentions
0No linked articles in our index yet.