Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dr Trust ECG Pen 信息泄露漏洞
Vulnerability Description
Dr Trust ECG Pen是印度信托博士(Dr Trust)公司的一个智能心电图笔设备。 Dr Trust ECG Pen 2.00.08 版本存在信息泄露漏洞,该漏洞源于实现了蓝牙LE支持而无需配对或安全性,所以任何攻击者都可以访问设备的GATT服务器,并可以在进行测量时嗅探正在广播的数据。此外,还可以通过蓝牙连接提取保存的数据。此外,攻击者可以对数据完整性发起中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A