Yftech Coros_pace_3_firmware
7 CVEs affecting Yftech Coros_pace_3_firmware. Latest disclosed: 2025-06-20. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-32880 | Critical | 9.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 d… |
CVE-2025-32878 | Critical | 9.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for download… |
CVE-2025-32877 | Critical | 9.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the u… |
CVE-2025-48706 | Critical | 9.1 | 2025-06-20 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot. |
CVE-2025-32879 | High | 8.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to con… |
CVE-2025-48705 | High | 7.5 | 2025-06-20 | An issue was discovered in COROS PACE 3 through 3.0808.0. Due to a NULL pointer dereference vulnerability, sending a crafted BLE message forces the device to r… |
CVE-2025-32876 | Medium | 6.8 | 2025-06-20 | An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and ins… |