Cyber Posture

CVE-2024-36553

High

Published: 06 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
EPSS Score: 0.0009 (26.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack.

Security Summary

CVE-2024-36553 is a Man-in-the-Middle (MITM) vulnerability affecting the Forever KidsWatch Call Me KW-50 device with firmware version R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h. It is mapped to CWE-300 (Channel Accessible by Non-Endpoint) and has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). The high severity reflects network accessibility, low attack complexity, and high impact on confidentiality and integrity.

A remote attacker without privileges can exploit this vulnerability over the network, provided they induce user interaction. Successful MITM interception has a high impact on confidentiality and integrity: the attacker can eavesdrop on or tamper with device communications, potentially leading to remote hijacking of the children's smartwatch.

A referenced research document details exploitation techniques for remotely hijacking children's smartwatches but provides no specific advisories, patches, or mitigation guidance.

Details

CWE(s)
CWE-300

References