Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the Temporary Key (TK), which, in the case of the COROS Pace 3, is set to 0 due to the Just Works pairing method. An attacker within Bluetooth range can therefore perform sniffing attacks, allowing eavesdropping on the communication.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
COROS PACE 3 安全漏洞
Vulnerability Description
Bluetooth等都是蓝牙特别兴趣小组(SIG)标准组织的产品。Bluetooth是一种短距离无线技术标准,Cafe Bazaar hod等都是(Cafe Bazaar)开源的产品。hod是一个库。roc req等都是(roc)个人开发者的产品。req是一个使用 Black Magic 的简单 Go HTTP 客户端。 COROS PACE 3 3.0808.0及之前版本存在安全漏洞,该漏洞源于BLE实现仅支持旧版配对,可能导致通信窃听。
CVSS Information
N/A
Vulnerability Type
N/A