EIP-2026-101353

PRE-CVE

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101353. PoCs published by Alok kumar.

AI-analyzed exploit summary This exploit demonstrates a BLE traffic replay attack against Maxima Max Pro Power smartwatches (firmware v1.0 486A) by sending crafted HEX values to the GATT characteristic handle 0x0012. It allows unauthorized actions such as changing time display format, updating time, and modifying notifications without authentication.

Description

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Exploits (1)

exploitdb WORKING POC

by Alok kumar · textremotehardware

https://www.exploit-db.com/exploits/51850

View Code ZIP pw:eip

This exploit demonstrates a BLE traffic replay attack against Maxima Max Pro Power smartwatches (firmware v1.0 486A) by sending crafted HEX values to the GATT characteristic handle 0x0012. It allows unauthorized actions such as changing time display format, updating time, and modifying notifications without authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Maxima Max Pro Power (firmware v1.0 486A)

No auth needed

Prerequisites: Bluetooth LE scanner (e.g., bluetoothctl) · gattool for BLE interaction · Physical proximity to the target device

MITRE ATT&CK

T1565.001 - Stored Data Manipulation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026