Primary

Context

COROS PACE 3 NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in the COROS PACE 3 smartwatch, affecting versions through 3.0808.0. This vulnerability allows an attacker to send a crafted Bluetooth Low Energy (BLE) message that forces the device to reboot. Exploiting this issue during an active workout session disrupts the activity and results in the loss of recorded data.

Impact

Exploitation of this vulnerability causes the device to reboot, interrupting any ongoing activities and erasing recorded data.

Reproduction

The vulnerability can be reproduced by connecting to the COROS PACE 3 via Bluetooth and writing a specific byte sequence to a designated characteristic. This action triggers the watch to reboot, demonstrating the denial-of-service effect.

Added: Jun 20, 2025, 2:21 PM

Updated: Jun 20, 2025, 2:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

COROS PACE 3 NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating