Vulnerabilities > CVE-2021-35954 - Unspecified vulnerability in Fastrack Reflex 2.0 Firmware 90.89

CVSS 8.1 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

low complexity

fastrack

NVD

Published: 2022-12-26

Updated: 2023-01-11

Summary

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.

Vulnerable Configurations

Part	Description	Count
OS	Fastrack Fastrack Reflex 2.0 Firmware 90.89	1
Hardware	Fastrack Fastrack Reflex 2.0 -	1

References

https://www.fastrack.in/shop/watch-smart-wearables-reflex-2
https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex