The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.
Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0333 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
14 Nov 2023, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0333 - Third Party Advisory | |
First Time |
Syska sw100 Smartwatch Firmware
Syska sw100 Smartwatch Syska |
|
CPE | cpe:2.3:o:syska:sw100_smartwatch_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:syska:sw100_smartwatch:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CWE | CWE-862 |
07 Nov 2023, 03:50
Type | Values Removed | Values Added |
---|---|---|
Summary | The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. |
31 Oct 2023, 12:58
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-31 12:15
Updated : 2024-08-03 01:16
NVD link : CVE-2022-3007
Mitre link : CVE-2022-3007
CVE.ORG link : CVE-2022-3007
JSON object : View
Products Affected
syska
- sw100_smartwatch_firmware
- sw100_smartwatch
CWE
CWE-862
Missing Authorization