PT-2020-14453 · Dr Trust · Dr Trust Ecg Pen

Arun Magesh · Published 2020-08-26 · Updated 2021-07-21 · CVE-2020-15486

CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Dr Trust ECG Pen version 2.00.08

Description: The device exposes its GATT server without requiring pairing or any other security mechanism. An attacker within Bluetooth range can sniff the data broadcast during measurements and extract saved data over a Bluetooth connection. Because the link is neither authenticated nor encrypted, an attacker can also launch a man-in-the-middle attack against the integrity of the data.

Recommendations: For Dr Trust ECG Pen version 2.00.08, consider disabling Bluetooth LE support until a secure pairing or security mechanism is implemented to prevent unauthorized access. Restrict access to the GATT server to minimize the risk of data sniffing and extraction. Avoid using the device for sensitive measurements until the issue is resolved.

Fix

Related Identifiers

CVE-2020-15486

Affected Products

Dr Trust Ecg Pen