How severe is CVE-2026-9220?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Shenzhen I365-tech Co. Ltd. Setracker2 Parental Control App (Android) Package Com.tgelec.setracker

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 wat…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Shenzhen I365-tech Co. Ltd. Setracker2 Parental Control App (Android) Package Com.tgelec.setracker — versions 0

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

ics-cert@hq.dhs.gov

Frequently asked questions

What is CVE-2026-9220?: CVE-2026-9220 is a high-severity vulnerability in Shenzhen I365-tech Co. Ltd. Setracker2 Parental Control App (Android) Package Com.tgelec.setracker, classified under Use of Hard-coded Cryptographic Key. CVSS score: 7.5/10. Published 2026-06-26.
How severe is CVE-2026-9220?: High severity. CVSS v3 base score is 7.5 out of 10.