Back to overview

CVE-2026-37271

Description
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearby device to trigger functionality on the smartwatch.

Metadata

CVE ID
CVE-2026-37271
State
PUBLISHED
Assigner
mitre
Reserved
2026-04-06 00:00 UTC
Published
2026-07-07 00:00 UTC
Last updated
2026-07-07 22:36 UTC
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
Back to overview