An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HYftech Coros Pace 3
HWYftechwszystkie wersjeYftech Coros Pace 3 Firmware
OSYftech≤ 3.0808.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
Related vulnerabilities
CVE-2025-32877CRITICAL9.8PL ✓ten sam produkt
Brak uwierzytelnienia BLE w COROS PACE 3 — atak machine-in-the-middle
CVE-2025-32878CRITICAL9.8PL ✓ten sam produkt
Brak walidacji certyfikatu TLS w COROS PACE 3 — atak MITM
CVE-2025-32880CRITICAL9.8PL ✓ten sam produkt
COROS PACE 3 — pobieranie firmware przez niezaszyfrowane HTTP (MitM)
CVE-2025-32879HIGH8.8ten sam produkt
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connec...
CVE-2025-48705HIGH7.5ten sam produkt
An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sen...