PT-2023-30260 · Unknown · Maxima Max Pro Power
Published: 2023-12-06 · Updated: 2023-12-12 · CVE-2023-46916
CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Maxima Max Pro Power version 1.0 486A
Description
The issue allows BLE traffic replay, enabling an attacker to perform potentially disruptive actions. This can be achieved by using the GATT characteristic handle 0x0012, for example, to start a Heart Rate monitor.
Recommendations
For Maxima Max Pro Power version 1.0 486A, as a temporary workaround, consider restricting access to the GATT characteristic handle 0x0012 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Related Identifiers
Affected Products
Maxima Max Pro Power