Lucene search

[email protected]NVD:CVE-2022-3007

HistoryOct 31, 2023 - 12:15 p.m.

CVE-2022-3007

2023-10-3112:15:08

CWE-862

[email protected]

web.nvd.nist.gov

syska sw100 smartwatch

nordic dfu

bluetooth low energy

firmware update

data manipulation

vulnerability

ota

unauthenticated attacker

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

JSON

The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.

Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.

Affected configurations

NVD

Node

syskasw100_smartwatch_firmwareRange≤2.0

AND

syskasw100_smartwatchMatch-

References

www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0333

8.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

JSON

Related for NVD:CVE-2022-3007

cve1 prion1 cvelist1