CVE-2016-10702

MEDIUM

Pebble Firmware < 4.3 - Unauthorized Data Access via UUID Manipulation

Title source: llm
STIX 2.1

Description

Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.

References (1)

Core 1
Core References

Scores

CVSS v3 6.1
EPSS 0.0065
EPSS Percentile 46.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Details

CWE
CWE-200
Status published
Products (1)
pebble/pebble_firmware < 4.3
Published Nov 28, 2017
Tracked Since Feb 18, 2026