CVE-2026-37271
Fire-Boltt · Smartwatch FB BGS001
The Fire-Boltt Smartwatch FB BGS001 firmware allows unauthorized access via GATT Write Request commands, enabling replay attacks using captured BLE packets.
Executive summary
A critical authentication bypass vulnerability in Fire-Boltt Smartwatch FB BGS001 firmware allows attackers to execute arbitrary commands via BLE replay attacks.
Vulnerability
The device suffers from improper authentication, failing to validate sessions for GATT Write Request commands. An unauthenticated attacker in physical proximity can capture and replay Bluetooth Low Energy (BLE) packets to trigger device functions.
Business impact
This vulnerability poses a significant risk to user privacy and device integrity. With a CVSS score of 9.8, the potential for total system compromise is high, as an attacker could manipulate smartwatch functions without user consent. Such unauthorized access could lead to the exposure of sensitive personal data or the disruption of critical device services.
Remediation
Immediate Action: Review the vendor advisory at https://github.com/advisories/GHSA-wjqj-v3q8-x4h3 and apply firmware updates if available.
Proactive Monitoring: Monitor the environment for unusual Bluetooth pairing requests or unexpected device behavior that may indicate unauthorized BLE interaction.
Compensating Controls: Disable Bluetooth connectivity on the device when not in use and avoid pairing in public, high-traffic areas where BLE sniffing could occur.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical severity of this authentication bypass, administrators and users must prioritize the application of security patches. If a firmware update is not currently available, maintain strict physical control over the device and limit exposure to unauthorized Bluetooth environments.