CVE-2021-35954

fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.1 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
fastrackreflex_2.0_firmware
90.89
𝑥
= Vulnerable software versions
References
https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex
https://www.fastrack.in/shop/watch-smart-wearables-reflex-2
https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex
https://www.fastrack.in/shop/watch-smart-wearables-reflex-2