CVE-2021-35954

2022-12-2600:00:00

mitre

www.cve.org

cve-2021-35954

firmware dumping

malicious firmware

swd feature

device bricking

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.

References

payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex

www.fastrack.in/shop/watch-smart-wearables-reflex-2