Shakir Zari

**Name of the Vulnerable Software and Affected Versions** Frontier X2 (affected versions not specified) Frontier X mobile application (affected versions not specified) **Description** The Frontier X2 device permits unauthenticated Bluetooth Low Energy (BLE) read and write access to critical Generic Attribute Profile (GATT) characteristics because it does not enforce pairing authentication or authorization. This allows an attacker within BLE range to gain unauthorized control over device functions, such as starting or stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce unexpected behavior. Furthermore, the Frontier X mobile application does not properly authenticate BLE devices, enabling attackers to impersonate a legitimate Frontier X2 device. By cloning BLE advertisements and exposing the expected GATT characteristics, attackers can manipulate activity states and inject fabricated health telemetry, including heart rate, breathing rate, strain, and other health-related data, into the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Syska SW100 Smartwatch (affected versions not specified) **Description** The issue exists due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) used for Over-The-Air (OTA) firmware updates on Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation could allow the attacker to perform firmware update, device reboot, or data manipulation on the target device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker **Description** The issue allows an unauthenticated remote attacker to send a malicious firmware update via Bluetooth Low Energy (BLE) and potentially brick the device. **Recommendations** For fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker, as a temporary workaround, consider disabling Bluetooth Low Energy (BLE) connectivity until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker **Description** The issue allows a remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017. **Recommendations** For fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker, as a temporary workaround, consider restricting access to the Bluetooth LE Characteristics on handle 0x0017 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker **Description** The issue allows a remote attacker to cause a Denial of Service, resulting in a device outage. This can be achieved via crafted choices of the last three bytes of a `characteristic value`. **Recommendations** For fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker, as a temporary workaround, consider restricting access to the characteristic value to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker version 90.89 **Description** The issue allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature. **Recommendations** For fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker version 90.89, as a temporary workaround, consider disabling the Serial Wire Debug (SWD) feature until a patch is available.