Vulnerability:
Unauthenticated Firmware Update
Vulnerability Description
It was identified on analyzing the Bluetooth LE Characteristics of the device that it is using Nordic DFU 0.1 and has no signature verification for OTA Firmware Update. An attacker can send a malicious firmware and brick the device
CVE-ID
CVE-2021-35951
Vendor
Fastrack
Product
Fastrack Reflex 2.0 Activity Tracker
https://www.fastrack.in/collections/reflex-2
Disclosure Timeline
17 Nov 2020 reported to the vendor
30th June 2021 CVE was assigned and reserved by MITRE
7 April 2022 No response from the vendor and moving forward to Public disclosure.
Credit
Shakir zari