Forever KidsWatch IMEI-Based Device Hijacking Vulnerability

Vulnerability

A vulnerability exists in the Forever KidsWatch Call Me KW50 and Call Me 2 KW60 models, both of which are designed for communication between parents and children. The issue arises from the watches' device IDs, which are based on the IMEI numbers. A malicious user can hijack a watch by changing its IMEI to that of a registered unit, allowing control of the device through the associated mobile app.

Impact

Exploitation of this vulnerability allows for unauthorized control of the smartwatch via the mobile application, effectively hijacking the device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.2

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.2

remediation

0.0

relevance

0.0

threat

4.8

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Forever KidsWatch IMEI-Based Device Hijacking Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating