Vulnerability
Lack of Bluetooth LE pairing and access control Time, date, and month on the smartwatch
Vulnerability Description
It was identified on analyzing the Bluetooth LE Characteristics of the device that, on handle 0x0017 the value modifying the time date and month changes. An attacker can change the time date and month.
CVE-ID
CVE-2021-35952
Vendor
Fastrack
Product
Fastrack Reflex 2.0 Activity Tracker
Disclosure Timeline
17 Nov 2020 reported to the vendor
30th June 2021 No response from the vendor and moving forward to public disclosure.
Credit
Shakir Zari