CVE-2018-11631 PoC — Rondaful M1 Wristband Smart Band 1 安全漏洞

Source

https://github.com/ColeShelly/bandexploit

Associated Vulnerability

Title:Rondaful M1 Wristband Smart Band 1 安全漏洞 (CVE-2018-11631)
Description:Rondaful M1 Wristband Smart Band 1是一款能够实时监测心率的智能手环设备。 Rondaful M1 Wristband Smart Band 1设备中存在安全漏洞。远程攻击者可借助特制的Bluetooth Low Energy (BLE)流量利用该漏洞发送任意数量的调用或SMS通知。

Description

M1 Band Smart Watch Bluetooth Low Energy Exploit python script (CVE-2018-11631)

Readme

# Band Exploit (CVE-2018-11631)

A Simple Python script Using Gatttool to exploit an Insecure Bluetooth Low Energy Smart Watch ( M1 Band 1).

 CVE-2018-11631 : https://nvd.nist.gov/vuln/detail/CVE-2018-11631

![alt BandExploit](https://github.com/xMagass/bandexploit/raw/master/bandexploit.png)

Usage: bandexploit.py [options] Address 

Options:

  -h, --help            show this help message and exit
  
  -s, --sms             Send SMS Notification to the device
  
  -c, --call            Send CALL Notification to the device
  
  -r REPEAT, --repeat=REPEAT Number of repetitions
                        
  -m MESSAGE, --message=MESSAGE  Notification message to send. Max_LEN = 8


Example: Sending 15 Call notifications with message xMagass

      ./bandexploit.py 78:02:b7:21:1d:fc -r 15 -m xMagass -c

File Snapshot


 [4.0K]  /data/pocs/4f7b674ea693a2b32a7ce4ad27944dd9e4242479
├── [ 40K]  bandexploit.png
├── [4.3K]  bandexploit.py
└── [ 809]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!