CRITICAL🇵🇱 Wersja polska

CVE-2025-32877

CVSS 9.8v3.1pub. 2025-06-20upd. 2025-07-08

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization.

🤖 AI Analysis
How it works

The device declares no capability for data input and output (no keyboard or screen), so the Bluetooth Low Energy (BLE) pairing mechanism automatically selects the 'Just Works' method. This method does not implement any authentication of the pairing parties, meaning that any attacker within radio range can pair with the device or intercede in communication without the user's knowledge. The lack of authentication also enables direct interaction with the device via BLE without prior authorization.

Impact

An attacker can intercept and modify BLE communication between the smartwatch and mobile application (man-in-the-middle attack), and also issue unauthorized commands directly to the device, which threatens the confidentiality, integrity, and availability of data and watch functions.

Mitigation & patch

The COROS PACE 3 device firmware should be updated to a version released after 3.0808.0 in accordance with information in the manufacturer's release notes available at support.coros.com. It is also recommended to avoid pairing the device in public places until the patch is applied.

Who is affected

COROS PACE 3 devices with firmware versions up to and including 3.0808.0 (Yftech Coros Pace 3 Firmware)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Yftech Coros Pace 3

    HW
    Yftech
    wszystkie wersje
  • Yftech Coros Pace 3 Firmware

    OS
    Yftech
    ≤ 3.0808.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-32878CRITICAL9.8PL ✓ten sam produkt

Brak walidacji certyfikatu TLS w COROS PACE 3 — atak MITM

CVE-2025-32880CRITICAL9.8PL ✓ten sam produkt

COROS PACE 3 — pobieranie firmware przez niezaszyfrowane HTTP (MitM)

CVE-2025-48706CRITICAL9.1PL ✓ten sam produkt

Out-of-bounds read w COROS PACE 3 umożliwia zdalne wymuszenie restartu urządzenia

CVE-2025-32879HIGH8.8ten sam produkt

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connec...

CVE-2025-48705HIGH7.5ten sam produkt

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sen...