CVE-2023-46916

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
maximawatchesmaxima_max_pro_power_firmware
1.0_486a:_486a
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/175660
https://www.maximawatches.com/products/max-pro-power
http://packetstormsecurity.com/files/175660
https://www.maximawatches.com/products/max-pro-power