CRITICAL🇵🇱 Wersja polska

CVE-2025-32880

CVSS 9.8v3.1pub. 2025-06-20upd. 2025-07-08

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks.

🤖 AI Analysis
How it works

The COROS PACE 3 device, when connected to a WLAN network, initiates firmware file downloads via unencrypted HTTP protocol (CWE-319 — transmission of sensitive data in plaintext). An attacker present on the same network can intercept the transmission (sniffing) or conduct a machine-in-the-middle attack by substituting their own malicious firmware file in place of the original. The lack of integrity verification or authentication of the downloaded file allows untrusted software to be installed on the smartwatch.

Impact

An attacker can replace the device firmware with malicious code, gaining full control over the smartwatch, and intercept data transmitted during the update. The consequence may be permanent compromise of the device and violation of user data confidentiality and integrity.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references (COROS PACE 3 Release Notes). As a temporary measure, it is recommended to avoid connecting the device to untrusted WLAN networks and to implement network segmentation to limit the possibility of a MitM attack.

Who is affected

COROS PACE 3 devices with firmware version 3.0808.0 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Yftech Coros Pace 3

    HW
    Yftech
    wszystkie wersje
  • Yftech Coros Pace 3 Firmware

    OS
    Yftech
    ≤ 3.0808.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-32877CRITICAL9.8PL ✓ten sam produkt

Brak uwierzytelnienia BLE w COROS PACE 3 — atak machine-in-the-middle

CVE-2025-32878CRITICAL9.8PL ✓ten sam produkt

Brak walidacji certyfikatu TLS w COROS PACE 3 — atak MITM

CVE-2025-48706CRITICAL9.1PL ✓ten sam produkt

Out-of-bounds read w COROS PACE 3 umożliwia zdalne wymuszenie restartu urządzenia

CVE-2025-32879HIGH8.8ten sam produkt

An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connec...

CVE-2025-48705HIGH7.5ten sam produkt

An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sen...