7 matches found
CVE-2025-32878
COROS PACE 3 vulnerable through version 3.0808.0 due to unvalidated X.509 server certificates during TLS handshakes when the device connects to WLAN to fetch firmware info. An active MITM with a self-signed cert can eavesdrop and manipulate HTTPS, potentially stealing the user’s API access token....
CVE-2025-48706
The CVE-2025-48706 entry concerns COROS PACE 3 up to version 3.0808.0. Affected component: the device firmware handling Bluetooth Low Energy messages. Root cause: an out-of-bounds read in processing a crafted BLE message. Impact: when exploited, the device can reboot (availability impact) with co...
CVE-2025-32877
CVE-2025-32877 affects COROS PACE 3 devices up to firmware 3.0808.0. The device identifies itself as having no input/output capabilities, leading to the use of the Just Works BLE pairing method with no authentication. This enables a machine-in-the-middle scenario and allows attackers to interact ...
CVE-2025-48705
CVE-2025-48705 affects COROS PACE 3 up to version 3.0808.0. The issue is caused by a NULL pointer dereference when processing a crafted BLE message, which can force the device to reboot. In the provided sources, there is no explicit patch version or official fix detail. A reported workaround from...
CVE-2025-32876
The CVE-2025-32876 issue affects COROS PACE 3 devices (through 3.0808.0). The BLE stack does not support LE Secure Connections and uses BLE Legacy Pairing, where the Short-Term Key can be easily guessed. The Temporary Key is 0 due to Just Works, enabling an attacker within Bluetooth range to snif...
CVE-2025-32879
CVE-2025-32879 affects COROS PACE 3 (up to v3.0808.0). The device advertises when no Bluetooth connection is present, allowing an unauthenticated BLE connection. Once connected, all BLE services/characteristics appear to require no authentication, enabling actions such as configuring the device, ...
CVE-2025-32880
The CVE-2025-32880 entry concerns COROS PACE 3 devices (through 3.0808.0) where WLAN-based firmware downloads occur over HTTP, unencrypted, enabling sniffing and man-in-the-middle attacks. Affected component is the WLAN firmware update/download flow; root cause is lack of encryption in the HTTP t...