COROS PACE 3 Out-of-Bounds Read Vulnerability Leading to Device Reboot
Vulnerability
A vulnerability allowing an out-of-bounds read has been identified in the COROS PACE 3 smartwatch, affecting versions through 3.0808.0. This vulnerability arises from improper handling of Bluetooth Low Energy (BLE) messages, which can be exploited to cause the device to reboot. When the watch is rebooted, any ongoing activity is abruptly terminated, resulting in the loss of recorded data.
Impact
Exploitation of this vulnerability causes the smartwatch to reboot, disrupting any active tasks and erasing unsaved data.
Reproduction
The vulnerability can be reproduced by connecting to the COROS PACE 3 via Bluetooth and writing specific byte sequences to a designated characteristic. The byte sequence 'b900' is written first, followed by '0000'. This sequence triggers the out-of-bounds read, causing the watch to reboot.
