16 matches found
EUVD-2023-51080
Malicious code in bioql PyPI...
Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)
Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...
CVE-2023-46916
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
CVE-2023-46916
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
CVE-2023-46916
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
Design/Logic Flaw
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
Maxima Max Pro Power Security Vulnerability
The Maxima Max Pro Power is a smartwatch from Maxima. A security vulnerability exists in Maxima Max Pro Power 1.0 486A, which originates from allowing BLE traffic replay, and can be exploited by an attacker to perform destructive actions, such as activating the heart rate monitor, using GATT...
CVE-2023-46916
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
CVE-2023-46916
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor...
CVE-2023-46916
CVE-2023-46916 affects Maxima Max Pro Power 1.0 486A watches. The BLE threat is a replay at GATT handle 0x0012, enabling unauthorized actions such as starting/changing the heart‑rate monitor and related display/notification changes. Public exploit notes describe unauthenticated access demonstrati...
PT-2023-30260 · Unknown · Maxima Max Pro Power
Name of the Vulnerable Software and Affected Versions: Maxima Max Pro Power version 1.0 486A Description: The issue allows BLE traffic replay, enabling an attacker to perform potentially disruptive actions. This can be achieved by using the GATT characteristic handle 0x0012, for example, to start...
CVE-2016-11030
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 with Hrm sensor support software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341...
Gang Up on the Problem, Not Each Other
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributor is Katherine Carpenter. The imaginary world in which an artificial intelligence can kill a person by adjusting the insulin from his pump to a deadl...
Heart Rate Monitor (Instant) - Possible privilege escalation, Runtime command execution, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application Heart Rate Monitor Instant published at the 'play' market has multiple vulnerabilities...
Unique Heart Rate Monitor - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Unique Heart Rate Monitor published at the 'play' market has multiple vulnerabilities...
Heart Rate Monitor ANT+ BLE - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Heart Rate Monitor ANT+ BLE published at the 'play' market has multiple vulnerabilities...