An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device.
References
Link | Resource |
---|---|
https://github.com/the-girl-who-lived/CVE-2020-11539/ | Exploit Third Party Advisory |
https://medium.com/%40sayliambure/hacking-a-5-smartband-824763ab6e8f |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-22T13:27:10
Updated: 2020-04-22T13:27:10
Reserved: 2020-04-04T00:00:00
Link: CVE-2020-11539
JSON object: View
NVD Information
Status : Modified
Published: 2020-04-22T14:15:12.347
Modified: 2023-11-07T03:14:59.037
Link: CVE-2020-11539
JSON object: View
Redhat Information
No data.