Lucene search

[email protected]CVE-2021-35951

HistoryDec 26, 2022 - 6:15 a.m.

CVE-2021-35951

2022-12-2606:15:09

[email protected]

web.nvd.nist.gov

cve-2021-35951

fastrack reflex 2.0 w307s_reflex

unauthenticated remote attacker

malicious firmware update

ble

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.

Affected configurations

NVD

Node

fastrackreflex_2.0Match-

AND

fastrackreflex_2.0_firmwareMatch90.89

CPENameOperatorVersion
fastrack:reflex_2.0_firmwarefastrack reflex 2.0 firmwareeq90.89

CPE	Name	Operator	Version
fastrack:reflex_2.0_firmware	fastrack reflex 2.0 firmware	eq	90.89

References

payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update

www.fastrack.in/shop/watch-smart-wearables-reflex-2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for CVE-2021-35951

cvelist1 nvd1 prion1