CVE-2022-3007

Name of the Vulnerable Software and Affected Versions Syska SW100 Smartwatch (affected versions not specified)

Description The issue exists due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) used for Over-The-Air (OTA) firmware updates on Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation could allow the attacker to perform firmware update, device reboot, or data manipulation on the target device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.