CVE-2024-36558

7.5 HIGH

📋 TL;DR

The Forever KidsWatch Call Me KW-50 smartwatch transmits sensitive information without encryption, allowing attackers to intercept communications between the device and server. This affects children wearing the smartwatch and their guardians who use the companion app, exposing location data, call logs, and personal information.

💻 Affected Systems

Products:
  • Forever KidsWatch Call Me KW-50
Versions: R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h
Operating Systems: Embedded smartwatch OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with this firmware version are vulnerable by default. No special configuration required for exploitation.

⚠️ Manual Verification Required

The affected-products entry for this CVE names a single firmware build (the string listed above) but no fixed version and no version range, so automated version matching cannot tell whether a given watch is affected; the firmware string has to be read off the device itself.

Why? The NVD entry carries one firmware identifier and no version ranges from the vendor, so there is nothing for a scanner to compare a running version against.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your firmware version
  3. Test whether the watch still sends cleartext in your environment (see How to Verify below)
  4. Update to the latest firmware as a precaution, if one is offered

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercept unencrypted communications to track the child's real-time location, eavesdrop on conversations, access personal data, and, because cleartext traffic can be modified as well as read, potentially inject false alerts or positions toward guardians.

🟠 Likely Case

Attackers passively monitor network traffic to collect location history, contact lists, and device identifiers for surveillance or data harvesting.

🟢 If Mitigated

With network segmentation and monitoring, risk reduces to unauthorized data access from within the same network segment. This assumes the watch reaches its servers over a Wi-Fi network you control; if it uses the SIM card's mobile-data link instead, LAN-side segmentation does not apply and the cleartext path runs through the mobile operator and the public internet, where only a vendor fix helps.

🌐 Internet-Facing: HIGH - Device communicates with cloud servers over internet without encryption, exposing all transmitted data to interception.
🏢 Internal Only: MEDIUM - Within local networks, attackers can still intercept communications but must first get onto the path (same Wi-Fi segment, a rogue access point, or the upstream link).

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: Yes (passive interception of cleartext needs no credentials)
Complexity: MEDIUM

Exploitation requires network access to intercept traffic. No authentication bypass needed as communications are cleartext.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - Check with vendor for updated firmware

Vendor Advisory: Not provided in CVE details

Restart Required: No

Instructions:

1. Contact the manufacturer (Forever) for firmware updates.
2. If an update is available, download it via the companion app.
3. Apply the update to the smartwatch following the vendor's instructions.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate smartwatch traffic in a separate VLAN with strict egress filtering, allowing only the vendor's server endpoints. Only applies when the watch connects over Wi-Fi you control, not over its SIM card's mobile data.

VPN Tunnel (all platforms)

Route all smartwatch communications from that VLAN through an encrypted VPN tunnel at the gateway (the watch itself cannot run a VPN client). This protects only the hop from your network to the VPN exit; traffic between the VPN exit and the vendor's servers is still cleartext.

🧯 If You Can't Patch

  • Discontinue use of vulnerable smartwatch model
  • Use only in controlled environments with network monitoring and segmentation

🔍 How to Verify

Check if Vulnerable:

Put the watch on a Wi-Fi network where you can capture its traffic (a hotspot you control, or a mirrored switch port) and record with a network analyzer (Wireshark or tcpdump). Look for HTTP requests and other plaintext payloads sent by the watch, on any port, not just 80: location updates, call logs, or device identifiers readable in the capture confirm the issue.

Check Version:

Check the firmware version in the companion app settings or on the device information screen of the smartwatch, and compare it with the firmware string listed under Affected Systems.

Verify Fix Applied:

After the update, capture network traffic again and verify that every connection from the watch starts with a TLS handshake and that no cleartext requests remain on any port.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound connections from smartwatch
  • Multiple failed connection attempts to unusual destinations

Network Indicators:

  • Cleartext HTTP traffic from the watch to cloud servers, on standard or non-standard ports
  • Lack of TLS in device-server communications

SIEM Query (pseudo-syntax; field names depend on your sensor, e.g. the service field of a Zeek conn.log):

src_ip=[smartwatch_ip] AND app_protocol=http AND NOT app_protocol=tls

Match on the detected application protocol rather than on port numbers: cleartext can run on 443 just as easily as on 80, and a port-based exclusion list would also flag harmless non-TLS traffic such as DNS and NTP.
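The check described under How to Verify (look for cleartext requests from the watch, then confirm only TLS remains after an update) and the network indicators listed here can be run over a saved capture instead of being read off a Wireshark window. The following is an added example for this page, not code from the vendor or from the CVE source: a stdlib-only Python script that walks a classic pcap file (Ethernet, IPv4, TCP), classifies each TCP payload sent by the watch as a cleartext HTTP request, a TLS record, or something else, and reports the result per destination and port independent of the port number. The IP addresses, ports and HTTP/TLS payloads in the embedded sample capture are constructed for the demo; a real capture comes from tcpdump -w or Wireshark's save-as-pcap.

```python
# Audit a pcap for cleartext traffic from one device. Stdlib only; handles the
# classic pcap format with Ethernet/IPv4/TCP and skips everything else.
# Added example; the addresses and payloads at the bottom are constructed.
import struct

HTTP_TOKENS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")


def classify_payload(payload: bytes) -> str:
    """Label a TCP segment payload as cleartext HTTP, TLS, other or empty."""
    if not payload:
        return "empty"
    if payload.startswith(HTTP_TOKENS):
        return "http-cleartext"
    # TLS record header: content type 0x14..0x17, version bytes 0x03 0x00..0x04
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17) \
            and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    return "other"


def iter_tcp_segments(pcap: bytes):
    """Yield (src_ip, dst_ip, sport, dport, payload) for each TCP segment in a pcap."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled here")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                                       # not TCP
            continue
        total_len = struct.unpack_from("!H", ip, 2)[0]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:total_len]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield src, dst, sport, dport, tcp[data_off:]


def audit(pcap: bytes, device_ip: str):
    """Return [(dst_ip, dport, kind)] for every non-empty segment the device sent."""
    findings = []
    for src, dst, _sport, dport, payload in iter_tcp_segments(pcap):
        if src != device_ip:
            continue
        kind = classify_payload(payload)
        if kind != "empty":
            findings.append((dst, dport, kind))
    return findings


def is_vulnerable(findings) -> bool:
    """Vulnerable if any cleartext HTTP request left the device, on any port."""
    return any(kind == "http-cleartext" for _dst, _port, kind in findings)


# --- constructed sample capture (hypothetical addresses from RFC 5737 test ranges) ---
def _frame(src_ip, dst_ip, sport, dport, payload):
    """Build one Ethernet/IPv4/TCP frame; checksums stay 0, the parser ignores them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split(".")))) + tcp
    return b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00" + ip


def build_pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


WATCH, SERVER = "192.0.2.10", "203.0.113.5"
CLEARTEXT_POST = (b"POST /api/position HTTP/1.1\r\nHost: tracker.example\r\n\r\n"
                  b"imei=000000000000000&lat=52.2&lon=21.0")   # constructed body
TLS_HELLO = b"\x16\x03\x01\x00\x08" + b"\x01\x00\x00\x04\x03\x03\x00\x00"

BEFORE_FIX_PCAP = build_pcap([
    _frame(WATCH, SERVER, 40001, 80, b""),                         # no data: skipped
    _frame(WATCH, SERVER, 40001, 80, CLEARTEXT_POST),              # cleartext on 80
    _frame(SERVER, WATCH, 80, 40001, b"HTTP/1.1 200 OK\r\n\r\n"),  # reply, not from watch
    _frame(WATCH, SERVER, 40002, 8080, CLEARTEXT_POST),            # cleartext, odd port
    _frame(WATCH, SERVER, 40003, 443, TLS_HELLO),                  # TLS: fine
])
AFTER_FIX_PCAP = build_pcap([_frame(WATCH, SERVER, 40004, 443, TLS_HELLO)])

if __name__ == "__main__":
    for label, cap in (("before", BEFORE_FIX_PCAP), ("after", AFTER_FIX_PCAP)):
        found = audit(cap, WATCH)
        print(label, "vulnerable" if is_vulnerable(found) else "clean", found)
```

On a real capture, replace the constructed pcap with open("watch.pcap", "rb").read() and the device IP with the watch's DHCP lease. The classifier keys on payload content, so a cleartext POST on port 8080 is flagged the same as one on port 80, which is the point the SIEM note above makes about not relying on port numbers. Seeing only "tls" after an update shows the transport changed; whether the watch also validates the server certificate is a separate test that a passive capture cannot answer.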
