payatu.com
Open in
urlscan Pro
104.26.11.130
Public Scan
URL:
https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update
Submission: On January 04 via api from US — Scanned from DE
Submission: On January 04 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
Services IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure Products EXPLIoT EXPLIoT is framework for IoT security testing and exploitation. CloudFuzz CloudFuzz is platform that lets you code for bugs by running your software with millions of test cases. Who we are About Us Payatu Bandits Resources Blogs MasterClass Series Case Studies E-Books New Advisory Media Checklist Reports Tools securecode.wiki New Contact Us Pune Location Europe Location Australia Location USA Location Top Openings Security consultant IT sales Pre-Sales Executive Software Developer Embedded Developer ALL OPENINGS Get all of it Be a Bandit Services Products Who we are Resources Contact Us We are Hiring * Home * News * Advisory * Hardware-Lab * Contact-Us * Career Back Services Products Who we are Resources News Advisory Hardware Lab Career Contact Us Services IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure Products EXPLIoT CloudFuzz Resources Blogs MasterClass Series Case Studies E-Books New Advisory Media Checklist Reports Tools securecode.wiki New Who we are About Us Payatu Bandits Contact Us Pune Location Europe Location Australia Location TECHNICAL ADVISORY Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings. UNAUTHENTICATED FIRMWARE UPDATE IN FASTRACK REFLEX 2.0 ACTIVITY TRACKER VULNERABILITY: Unauthenticated Firmware Update VULNERABILITY DESCRIPTION It was identified on analyzing the Bluetooth LE Characteristics of the device that it is using Nordic DFU 0.1 and has no signature verification for OTA Firmware Update. An attacker can send a malicious firmware and brick the device CVE-ID CVE-2021-35951 VENDOR Fastrack PRODUCT Fastrack Reflex 2.0 Activity Tracker https://www.fastrack.in/collections/reflex-2 DISCLOSURE TIMELINE 17 Nov 2020 reported to the vendor 30th June 2021 CVE was assigned and reserved by MITRE 7 April 2022 No response from the vendor and moving forward to Public disclosure. CREDIT Shakir zari Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments. Subscribe to our newsletter Services IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure Products EXPLIoT CloudFuzz Conference Nullcon Hardwear.io Resources Blog E-Book Advisory Media Case Studies MasterClass Series Securecode.wiki About About Us Career News Contact Us Payatu Bandits Hardware-Lab Disclosure Policy All rights reserverved © 2022 Payatu Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments. Subscribe to our newsletter Services IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure Products EXPLIoT CloudFuzz Conference Nullcon Hardwear.io Resources Blog E-Book Advisory Media Case Studies MasterClass Series Securecode.wiki About About Us Career News Contact Us Payatu Bandits Hardware-Lab Disclosure Policy All rights reserverved © 2021 Payatu