Vulnerabilities > CVE-2023-46916 - Unspecified vulnerability in Maximawatches Maxima MAX PRO Power Firmware 1.0486A

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

low complexity

maximawatches

NVD

Published: 2023-12-07

Updated: 2024-11-21

Summary

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.

Vulnerable Configurations

Part	Description	Count
OS	Maximawatches Maximawatches Maxima MAX PRO Power Firmware 1.0_486A	1
Hardware	Maximawatches Maximawatches Maxima MAX PRO Power -	1

References

http://packetstormsecurity.com/files/175660
http://packetstormsecurity.com/files/175660
https://www.maximawatches.com/products/max-pro-power
https://www.maximawatches.com/products/max-pro-power