Source |
CVE Liste |
Identifiant |
8403528 |
Date de publication |
2023-10-31 12:15:08 (vue: 2023-10-31 15:07:31) |
Titre |
CVE-2022-3007 |
Texte |
** UNSUPPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth LowDispositifs d'énergie (BLE).Un attaquant non authentifié pourrait exploiter cette vulnérabilité en définissant des valeurs arbitraires à gérer sur l'appareil vulnérable sur Bluetooth.
L'exploitation réussie de cette vulnérabilité pourrait permettre à l'attaquant d'effectuer une mise à jour du micrologiciel, un redémarrage de l'appareil ou une manipulation de données sur le périphérique cible.
** UNSUPPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.
Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. |
Envoyé |
Oui |
Condensat |
2022 3007 air allow and/or arbitrary assigned attacker ble bluetooth configuration could cve data device devices dfu due energy exists exploit exploitation firmware handle implementation improper low manipulation nordic ota over perform performing reboot setting smartwatch successful sw100 syska target unauthenticated unsuppported update updates used values vulnerability vulnerable when which |
Tags |
Vulnerability
Threat
|
Stories |
|
Notes |
|
Move |
|