Description
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch.
Published:
2026-07-07
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 07 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-07T22:36:14.388Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-37271
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.