Vulnerability
Open Serial Debug Port Allows Dumping and Re-flashing Firmware
Vulnerability Description
Analysis of the PCB showed that the SWD (Serial Wire Debug) port was left open, which gives access to dump and re-flash the firmware. An attacker can dump the firmware, flash custom malicious firmware, and brick the device.
CVE-ID
CVE-2021-35954
Vendor
Fastrack
Product
Fastrack Reflex 2.0 Activity Tracker
Disclosure Timeline
17 Nov 2020: Reported to the vendor.
30th June 2021: No response from the vendor; moving forward to public disclosure.
Credit
Shakir Zari