CVE-2020-11539

HIGH

Tata Sonata Smart SF Rush 1.12 - Unauthenticated Cleartext Transmission of Sensitive Information

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11539. PoCs published by the-girl-who-lived.

AI-analyzed exploit summary: This PoC demonstrates an improper access control vulnerability in Tata Sonata Smartband (Smart SF Rush - 1.12) due to lack of BLE pairing encryption and authentication. It provides a reversed packet structure and a `gatttool` command to manipulate the device's time without authorization.

Description

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device.

Exploits (1)

nomisec WORKING POC 1 stars
by the-girl-who-lived · poc
https://github.com/the-girl-who-lived/CVE-2020-11539

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Tata Sonata Smartband Smart SF Rush 1.12
No auth needed
Prerequisites: BLE-enabled device · gatttool or similar BLE interaction tool · physical proximity to target device
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.1
EPSS 0.0103
EPSS Percentile 59.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE: CWE-306, CWE-319, CWE-347
Status published
Products (1)
titan/sf_rush_smart_band_firmware 1.12
Published Apr 22, 2020
Tracked Since Feb 18, 2026