CVE-2023-46916

EUVD-2023-51080
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
maximawatchesmaxima_max_pro_power_firmware
1.0_486a:_486a
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/175660
https://www.maximawatches.com/products/max-pro-power
http://packetstormsecurity.com/files/175660
https://www.maximawatches.com/products/max-pro-power