CRITICAL🇵🇱 Wersja polska

CVE-2025-32878

CVSS 9.8v3.1pub. 2025-06-20upd. 2025-07-08

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account.

🤖 AI Analysis
How it works

The COROS PACE 3 smartwatch establishes an HTTPS connection to the manufacturer's API server during the software update process to retrieve available firmware information. During the TLS handshake, the device does not verify the validity of the X.509 certificate presented by the server. An attacker in an active man-in-the-middle position can substitute their own TLS proxy with a self-signed certificate and thereby decrypt and modify all communication between the smartwatch and the server. This allows eavesdropping on transmitted data, including API access tokens for the associated user account.

Impact

An attacker can intercept sensitive data transmitted by the smartwatch, in particular the access token to the user's account in the manufacturer's API, and manipulate server responses, which could lead to injection of malicious firmware or other unauthorized actions.

Mitigation & patch

The COROS PACE 3 device software must be updated to a version higher than 3.0808.0. Detailed information about available updates can be found in the manufacturer's official release notes: https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes

Who is affected

Yftech COROS PACE 3 devices with software version up to and including 3.0808.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Yftech Coros Pace 3

    HW
    Yftech
    wszystkie wersje
  • Yftech Coros Pace 3 Firmware

    OS
    Yftech
    ≤ 3.0808.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-32877CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia BLE w COROS PACE 3 — atak machine-in-the-middle

CVE-2025-32880CRITICAL9.8PL ✓ten sam produkt

COROS PACE 3 — pobieranie firmware przez niezaszyfrowane HTTP (MitM)

CVE-2025-48706CRITICAL9.1PL ✓ten sam produkt

Out-of-bounds read w COROS PACE 3 umożliwia zdalne wymuszenie restartu urządzenia

CVE-2025-32879HIGH8.8ten sam produkt

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connec...

CVE-2025-48705HIGH7.5ten sam produkt

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sen...