28 matches found
CVE-2021-35954
fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug SWD feature...
PT-2022-10478 · Unknown · Fastrack Reflex 2.0
Name of the Vulnerable Software and Affected Versions: fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker Description: The issue allows an unauthenticated remote attacker to send a malicious firmware update via Bluetooth Low Energy BLE and potentially brick the device. Recommendations: For...
Thinkst Canarytokens 跨站脚本漏洞
Thinkst Canarytokens is a web activity tracking system. Thinkst Canarytokens suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute Javascript code...
Malicious code in gd-activity-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be919ac20b6023e27b37ab04354acc2fe0d76aadf72ab3ccea2dafed5df390a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3301 Malicious code in gd-activity-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware be919ac20b6023e27b37ab04354acc2fe0d76aadf72ab3ccea2dafed5df390a8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, such as Charge 2, transmit Bluetooth Low...
CVE-2014-10374
CVE-2014-10374 concerns Fitbit activity-tracker devices where BLE advertising uses a TxAdd flag for random addresses, but the addresses remain constant. This leads to “permanent trackability” and privacy concerns when a device is sniffed at multiple fixed locations, enabling an adversary to tell ...
Samsung Activity Tracker - Dangerous filesystem permissions, Exported ContentProvider, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Samsung Activity Tracker published at the 'play' market has multiple vulnerabilities...