CVE Catalog

CVE-2026-9219

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and prior generate a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment, allowing an attacker who obtains the registration ID to arbitrarily enroll watches belonging to other users.

Risk Assessment

The risk involves potential takeover of other users' devices (watches), leading to privacy breaches, location tracking, or impersonation of the victim.

Recommendation

Immediately update the Setracker2 app to the latest available version that fixes this vulnerability. If no update is available, consider temporarily discontinuing use of the app until a patch is released.

Original NVD description (English source)

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily enroll watches belonging to other users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS