Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers

8.3 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.

Basic Information

ID CVE-2026-9219

Source icscert

Published Jun 25, 2026 at 23:10

Affected Product

Vendor Shenzhen i365-Tech Co. Ltd.

Product Setracker2 Parental Control App (Android) package com.tgelec.setracker

Affected Versions Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker 0

CWE Classification

CWE-340

References

raw.githubusercontent.com /cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json

{
    "lastseen": "",
    "description": "Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.",
    "published": "2026-06-25T23:10:19.862Z",
    "modified": "2026-06-25T23:10:19.862Z",
    "type": "cve",
    "title": "Setracker2 Children's Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers",
    "source": "icscert",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/VA/white/2026/va-26-176-01.json",
    "id": "CVE-2026-9219",
    "bulletinFamily": "",
    "cwe": [
        "CWE-340"
    ],
    "cvelist": null,
    "sourceData": "Shenzhen i365-Tech Co. Ltd. Setracker2 Parental Control App (Android) package com.tgelec.setracker 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.3,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Setracker2 Parental Control App (Android) package com.tgelec.setracker",
    "version": "0",
    "vendor": "Shenzhen i365-Tech Co. Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Setracker2 Children’s Smartwatch Ecosystem Generation of Predictable Numbers or Identifiers_CVE-2026-9219