Products
EXPLIoT CloudFuzz

Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Lack of Bluetooth LE pairing and access control in Fastrack reflex 2.0 activity tracker

Vulnerability

Lack of Bluetooth LE pairing and access control Time, date, and month on the smartwatch

Vulnerability Description

It was identified on analyzing the Bluetooth LE Characteristics of the device that, on handle 0x0017 the value modifying the time date and month changes. An attacker can change the time date and month.

CVE-ID

CVE-2021-35952

Vendor

Fastrack

Product

Fastrack Reflex 2.0 Activity Tracker

Disclosure Timeline

17 Nov 2020 reported to the vendor

30th June 2021 No response from the vendor and moving forward to public disclosure.

Credit

Shakir Zari