Products
EXPLIoT CloudFuzz

Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Denial of service (Device Crashing) on Fastrack reflex 2.0 activity tracker

Vulnerability

Fuzzing characteristic value leads to Device crash

Vulnerability Description

It was identified Fuzzing char value last 3 bytes of the watch was getting crashed after 5 minutes it restarts, Bluetooth doesn’t work and doesn’t show in the network, and attacker can crash the watch and make unusable.

CVE-ID

CVE-2021-35953

Vendor

Fastrack

Product

Fastrack Reflex 2.0 Activity Tracker

Disclosure Timeline

17 Nov 2020 reported to the vendor

30th June 2021 No response from the vendor and moving forward to public disclosure.

Credit

Shakir Zari