PT-2022-10481 · Unknown · Fastrack Reflex 2.0

Shakir Zari

Published

2022-12-26

Updated

2023-01-11

CVE-2021-35954

CVSS v3.1

8.1

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker version 90.89

Description The issue allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.

Recommendations For fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker version 90.89, as a temporary workaround, consider disabling the Serial Wire Debug (SWD) feature until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-35954

Affected Products

Fastrack Reflex 2.0

PT-2022-10481 · Unknown · Fastrack Reflex 2.0

CVE-2021-35954

Related Identifiers

Affected Products

References · 5