CRITICAL🇵🇱 Wersja polska

CVE-2024-36554

CVSS 9.8v3.1pub. 2025-02-06upd. 2026-04-15

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information.

🤖 AI Analysis
How it works

An attacker sends a specially crafted SMS message to the phone number assigned to the watch. The device automatically processes such a message and sends back sensitive information about itself in response. The mechanism does not require user interaction or any permissions — access to the GSM network is sufficient.

Impact

An attacker can remotely obtain sensitive information about the device, which may lead to a violation of the child's privacy and enable further attacks on the watch or its users.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until firmware is updated, it is recommended to monitor SMS activity on the device and consider restricting the ability to receive SMS messages from unknown numbers if the watch management platform allows this.

Who is affected

Forever KidsWatch Call Me KW-50 with firmware R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 with firmware R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References