{"vulnerability": "CVE-2021-3595", "sightings": [{"uuid": "5e82d309-89aa-442b-8c31-620c57a9b306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35952", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11693", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-35952\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:30:06.545Z\n\ud83d\udd17 References:\n1. https://www.fastrack.in/shop/watch-smart-wearables-reflex-2\n2. https://payatu.com/advisory/lack-of-bluetooth-le-pairing-fastrack-reflex", "creation_timestamp": "2025-04-14T18:54:29.000000Z"}, {"uuid": "e412d2ba-c9da-4048-a0bc-95a896f1e34a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35951", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11692", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-35951\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:30:26.765Z\n\ud83d\udd17 References:\n1. https://www.fastrack.in/shop/watch-smart-wearables-reflex-2\n2. 
https://payatu.com/advisory/fastrack-reflex-unauthenticated-firmware-update", "creation_timestamp": "2025-04-14T18:54:28.000000Z"}, {"uuid": "ded04998-b7bd-47ff-bea1-20a487693bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35956", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/737", "content": "CVE-2021-35956 AKCP sensorProbe SPX476 XSS\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-35956_AKCP_sensorProbe_SPX476_XSS%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:19.000000Z"}, {"uuid": "41ff4060-ea6a-4f37-9719-b941ece9292f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35954", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11695", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-35954\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:29:00.391Z\n\ud83d\udd17 References:\n1. https://www.fastrack.in/shop/watch-smart-wearables-reflex-2\n2. 
https://payatu.com/advisory/dumping-and-re-flashing-firmware-fastrack-reflex", "creation_timestamp": "2025-04-14T18:54:31.000000Z"}, {"uuid": "7cd21c98-aebf-40db-862d-bc71b95f6b7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35953", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11694", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-35953\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-14T18:29:40.126Z\n\ud83d\udd17 References:\n1. https://www.fastrack.in/shop/watch-smart-wearables-reflex-2\n2. https://payatu.com/advisory/device-crash-fastrack-reflex-two-activity-tracker", "creation_timestamp": "2025-04-14T18:54:30.000000Z"}, {"uuid": "7a8a664b-e5f5-4b32-b880-53e356f5a857", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35955", "type": "seen", "source": "https://t.me/cibsecurity/27222", "content": "\u203c CVE-2021-35955 \u203c\n\nContao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. 
Fixed in 4.4.56, 4.9.18, 4.11.7.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-12T18:39:42.000000Z"}, {"uuid": "a0ae5815-6006-4ca7-b0e6-e2e4073c6632", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35959", "type": "seen", "source": "https://t.me/cibsecurity/25807", "content": "\u203c CVE-2021-35959 \u203c\n\nIn Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-30T07:29:31.000000Z"}]}