Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 23:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Allowing BLE Replay Attack |
Mon, 13 Jul 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Allowing BLE Replay Attack |
Mon, 13 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Unauthorized BLE Replay Enables Remote Control on Fire‑Boltt Smartwatch |
Sun, 12 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Unauthorized BLE Replay Enables Remote Control on Fire‑Boltt Smartwatch |
Sat, 11 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Enables BLE Replay Attack |
Fri, 10 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Enables BLE Replay Attack |
Fri, 10 Jul 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Firmware Allows BLE Replay Attacks | |
| Weaknesses | CWE-613 |
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 09 Jul 2026 02:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Wed, 08 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Authentication in Fire‑Boltt Smartwatch Firmware Allows BLE Replay Attacks | |
| Weaknesses | CWE-287 CWE-613 |
Tue, 07 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch. | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-09T14:43:11.606Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-37271
Updated: 2026-07-09T14:04:52.671Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T23:15:08Z