Vulnerability Description
Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maximawatches | Maxima Max Pro Power Firmware | 1.0_486a |
| Maximawatches | Maxima Max Pro Power | - |
References
- http://packetstormsecurity.com/files/175660 (Exploit, Third Party Advisory, VDB Entry)
- https://www.maximawatches.com/products/max-pro-power (Product)
FAQ
What is CVE-2023-46916?
CVE-2023-46916 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.
How severe is CVE-2023-46916?
CVE-2023-46916 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46916?
Check the references section above for vendor advisories and patch information. Affected products include: Maximawatches Maxima Max Pro Power Firmware, Maximawatches Maxima Max Pro Power.