CVE-2023-46447

MEDIUM

POPS! Rebel 5.0 - Cleartext Transmission of Sensitive Information via BLE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46447. PoCs published by actuator.

AI-analyzed exploit summary This repository documents a vulnerability in the Pops Rebel Bluetooth Glucose Monitoring System where sensitive diabetic data is transmitted in cleartext over BLE. The writeup includes static code analysis, BLE capture evidence, and vendor notification details.

Description

The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.

Exploits (1)

nomisec WRITEUP 1 stars

by actuator · poc

https://github.com/actuator/rebel

View Code ZIP pw:eip

This repository documents a vulnerability in the Pops Rebel Bluetooth Glucose Monitoring System where sensitive diabetic data is transmitted in cleartext over BLE. The writeup includes static code analysis, BLE capture evidence, and vendor notification details.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pops Rebel Bluetooth Glucose Monitoring System (Android version 5.0)

No auth needed

Prerequisites: BLE proximity to the device

MITRE ATT&CK

T1040 - Network Sniffing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory

https://github.com/actuator/rebel/blob/main/CWE-319.md

View Exploit ZIP pw:eip

Product

https://play.google.com/store/apps/details?id=com.pops.pops

Product

https://popsdiabetes.com/about-us/

Scores

CVSS v3 4.3

EPSS 0.0038

EPSS Percentile 29.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (1)

popsdiabetes/rebel 5.0

Published Jan 20, 2024

Tracked Since Feb 18, 2026