PT-2020-12676 · Tata · Tata Sonata Smart Sf Rush

Sayli Ambure · Published 2020-04-22 · Updated 2021-07-21 · CVE-2020-11539

CVSS v3.1: 8.1 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Tata Sonata Smart SF Rush version 1.12

Description

An issue has been identified where the smart band operates with no pairing, utilizing mode 0 Bluetooth LE security level. This results in unencrypted data transmission over the air. Furthermore, the data sent to the smart band lacks authentication or signature verification, allowing any attacker to control a parameter of the device.

Recommendations

For Tata Sonata Smart SF Rush version 1.12, consider disabling Bluetooth connectivity until a patch or secure pairing mechanism is implemented to prevent unauthorized control of the device. Restrict access to the device's parameters to minimize the risk of exploitation. Avoid using the device until the issue is resolved with proper encryption and authentication measures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Cleartext Transmission of Sensitive Information

Improper Verification of Cryptographic Signature

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-11539

Affected Products

Tata Sonata Smart Sf Rush