Vulnerabilities > CVE-2021-35952 - Unspecified vulnerability in Fastrack Reflex 2.0 Firmware 90.89

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

fastrack

NVD

Published: 2022-12-26

Updated: 2023-01-05

Summary

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.

Vulnerable Configurations

Part	Description	Count
OS	Fastrack Fastrack Reflex 2.0 Firmware 90.89	1
Hardware	Fastrack Fastrack Reflex 2.0 -	1

References

https://www.fastrack.in/shop/watch-smart-wearables-reflex-2
https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex