CVE-2024-39081

MEDIUM

SMART TYRE CAR & BIKE <4.2.0 - SSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-39081. PoCs published by Amirasaiyad.

AI-analyzed exploit summary The repository lacks actual exploit code and instead points to an external PDF for vulnerability details. The README contains marketing language and product descriptions without technical specifics about the vulnerability or exploit mechanism.

Description

An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.

Exploits (1)

nomisec SUSPICIOUS

by Amirasaiyad · poc

https://github.com/Amirasaiyad/BLE-TPMS

View Code ZIP pw:eip

The repository lacks actual exploit code and instead points to an external PDF for vulnerability details. The README contains marketing language and product descriptions without technical specifics about the vulnerability or exploit mechanism.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: TREEL TPMS (Bluetooth-based TPMS for bikes)

No auth needed

Prerequisites: Bluetooth access to the target TPMS device

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Technical Description, Third Party Advisory

https://github.com/Amirasaiyad/BLE-TPMS/blob/main/README.md

View Exploit ZIP pw:eip

Exploit, Technical Description, Third Party Advisory

https://github.com/Amirasaiyad/BLE-TPMS/blob/main/Treel_BLE_TPMS_Penetration_Testing_Report.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 4.2

EPSS 0.0046

EPSS Percentile 35.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-294

Status published

Products (1)

jktyre/smart_tyre_car_\&_bike 4.2.0

Published Sep 18, 2024

Tracked Since Feb 18, 2026