15 matches found

EUVD
added 2026/05/01 2:15 p.m., 4 views

EUVD-2026-26586

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state. The legacy responder path in smp_random currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects what the...

5.8 AI score, 0.00282 EPSS
Exploits 0, References 8
Cvelist
added 2026/04/21 9:43 p.m., 25 views

CVE-2026-1354 Zero Motorcycles Firmware Key Exchange without Entity Authentication

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4 CVSS, 0.00134 EPSS
Exploits 0, References 2
CNNVD
added 2025/10/19 12:0 a.m., 3 views

70mai X200 Access Control Error Vulnerability

The 70mai X200 is a head-only car recorder from 70mai, a Chinese company. An access control error vulnerability exists in 70mai X200 20251010 and earlier versions, which stems from a lack of authentication in the pairing component and could lead to remote attacks...

9.8 CVSS, 7.6 AI score, 0.01123 EPSS
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-7462

Malware in sbrugna...

8.8 CVSS, 6.5 AI score, 0.01093 EPSS
Exploits 0, References 5
Cvelist
added 2025/06/20 12:0 a.m., 10 views

CVE-2025-32877

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle...

0.00623 EPSS
Exploits 1, References 3
CVE
added 2023/10/24 7:56 p.m., 36 views

CVE-2023-39231

CVE-2023-39231 affects PingFederate with the PingOne MFA adapter, where a threat actor who knows a victim’s first-factor credentials can pair a new MFA device without second-factor authentication. Core impact is unauthorized MFA enrollment, risking account compromise. Affected product/adapter and...

7.3 CVSS, 6.7 AI score, 0.00535 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2022/10/05 12:0 a.m., 2 views

Cisco Touch 10 Security Vulnerability

Cisco Touch 10 is a video conferencing system control unit from Cisco. It is designed for intuitive touch-based interaction with Webex Room Kit Series, Webex Room Series, and Panorama Series systems, providing instant access to meetings, contacts, directories, and content. An authentication error...

6.8 CVSS, 7 AI score, 0.00419 EPSS
Exploits 0, References 2
UbuntuCve
added 2021/05/24 6:15 p.m., 35 views

CVE-2020-26555

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN...

5.4 CVSS, 7 AI score, 0.00887 EPSS
Exploits 1, References 7
Cvelist
added 2018/07/13 8:0 p.m., 11 views

CVE-2016-6549 Zizai Tech Nut allows for unauthenticated Bluetooth pairing

The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute...

5.7 AI score, 0.01079 EPSS
Exploits 1, References 3
OSV
added 2018/07/06 9:29 p.m., 1 views

CVE-2016-6541

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...

8.8 CVSS, 5.8 AI score, 0.01093 EPSS
Exploits 0, References 4
NVD
added 2018/07/06 9:29 p.m., 10 views

CVE-2016-6541

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...

8.8 CVSS, 5.8 AI score, 0.01093 EPSS
Exploits 0, References 4
Prion
added 2018/07/06 9:29 p.m., 11 views

Code injection

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...

5.8 CVSS, 5.7 AI score, 0.01286 EPSS
Exploits 2, References 4, Affected Software 1
Cvelist
added 2018/07/06 9:0 p.m., 16 views

CVE-2016-6541 TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes

TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-653...

6.6 AI score, 0.01093 EPSS
Exploits 0, References 4
CVE
added 2018/07/06 9:0 p.m., 37 views

CVE-2016-6541

The CVE-2016-6541 entry concerns TrackR Bravo. The affected software is the TrackR Bravo mobile app (iOS v5.1.6, Android v2.2.5). The vulnerability arises from unauthenticated pairing, enabling unauthenticated connected applications to write to various device attributes. The connected documents c...

8.8 CVSS, 5.8 AI score, 0.01093 EPSS
Exploits 0, References 4, Affected Software 1
ThreatPost
added 2016/10/25 9:5 a.m., 12 views

Tracking Devices Latest Privacy Risk to Users

Update: TrackR has responded to Rapid7’s disclosure. First, it said it has addressed the authentication issue months ago, but the deprecated call remained online even though it was no longer used by its apps. “We are grateful that Rapid7 brought this possible point of confusion to our attention; ...

0.3 AI score
Exploits 0