{ "dataType": "CVE_RECORD", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2019-20469", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T17:12:06.348Z", "dateReserved": "2020-02-17T00:00:00.000Z", "datePublished": "2024-11-07T00:00:00.000Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-07T20:38:11.006Z" }, "descriptions": [ { "lang": "en", "value": "An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable." } ], "affected": [ { "vendor": "n/a", "product": "n/a", "versions": [ { "version": "n/a", "status": "affected" } ] } ], "references": [ { "url": "https://www.one2track.nl" }, { "name": "20240729 Bunch of IoT CVEs", "tags": [ "mailing-list" ], "url": "https://seclists.org/fulldisclosure/2024/Jul/14" } ], "problemTypes": [ { "descriptions": [ { "type": "text", "lang": "en", "description": "n/a" } ] } ] }, "adp": [ { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-922", "lang": "en", "description": "CWE-922 Insecure Storage of Sensitive Information" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2024-11-08T16:15:19.527397Z", "id": "CVE-2019-20469", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T16:16:16.481Z" } }, { "title": "CVE Program Container", "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jul/14" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:12:06.348Z" } } ] }, "dataVersion": "5.2" }