Lucene search
+L
YftechCoros Pace 3 Firmware

7 matches found

CVE
CVE
added 2025/06/20 12:0 a.m.34 views

CVE-2025-32878

COROS PACE 3 vulnerable through version 3.0808.0 due to unvalidated X.509 server certificates during TLS handshakes when the device connects to WLAN to fetch firmware info. An active MITM with a self-signed cert can eavesdrop and manipulate HTTPS, potentially stealing the user’s API access token....

9.8CVSS6.5AI score0.00346EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.32 views

CVE-2025-48706

The CVE-2025-48706 entry concerns COROS PACE 3 up to version 3.0808.0. Affected component: the device firmware handling Bluetooth Low Energy messages. Root cause: an out-of-bounds read in processing a crafted BLE message. Impact: when exploited, the device can reboot (availability impact) with co...

9.1CVSS6.4AI score0.00515EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.28 views

CVE-2025-32877

CVE-2025-32877 affects COROS PACE 3 devices up to firmware 3.0808.0. The device identifies itself as having no input/output capabilities, leading to the use of the Just Works BLE pairing method with no authentication. This enables a machine-in-the-middle scenario and allows attackers to interact ...

9.8CVSS7.4AI score0.00623EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.27 views

CVE-2025-48705

CVE-2025-48705 affects COROS PACE 3 up to version 3.0808.0. The issue is caused by a NULL pointer dereference when processing a crafted BLE message, which can force the device to reboot. In the provided sources, there is no explicit patch version or official fix detail. A reported workaround from...

7.5CVSS6.4AI score0.00446EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.26 views

CVE-2025-32876

The CVE-2025-32876 issue affects COROS PACE 3 devices (through 3.0808.0). The BLE stack does not support LE Secure Connections and uses BLE Legacy Pairing, where the Short-Term Key can be easily guessed. The Temporary Key is 0 due to Just Works, enabling an attacker within Bluetooth range to snif...

6.8CVSS6.5AI score0.00336EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.25 views

CVE-2025-32879

CVE-2025-32879 affects COROS PACE 3 (up to v3.0808.0). The device advertises when no Bluetooth connection is present, allowing an unauthenticated BLE connection. Once connected, all BLE services/characteristics appear to require no authentication, enabling actions such as configuring the device, ...

8.8CVSS7AI score0.00466EPSS
CVE
CVE
added 2025/06/20 12:0 a.m.22 views

CVE-2025-32880

The CVE-2025-32880 entry concerns COROS PACE 3 devices (through 3.0808.0) where WLAN-based firmware downloads occur over HTTP, unencrypted, enabling sniffing and man-in-the-middle attacks. Affected component is the WLAN firmware update/download flow; root cause is lack of encryption in the HTTP t...

9.8CVSS7.3AI score0.00381EPSS