An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes | Release Notes |
| https://syss.de | Third Party Advisory |
| https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-030.txt | Exploit Third Party Advisory |
Configurations
History
08 Jul 2025, 14:32
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:yftech:coros_pace_3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:yftech:coros_pace_3:-:*:*:*:*:*:*:* |
|
| First Time |
Yftech
Yftech coros Pace 3 Yftech coros Pace 3 Firmware |
|
| References | () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-030.txt - Exploit, Third Party Advisory | |
| References | () https://support.coros.com/hc/en-us/articles/20087694119828-COROS-PACE-3-Release-Notes - Release Notes | |
| References | () https://syss.de - Third Party Advisory |
20 Jun 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-20 14:15
Updated : 2025-07-08 14:32
NVD link : CVE-2025-32878
Mitre link : CVE-2025-32878
JSON object : View
Products Affected
yftech
- coros_pace_3_firmware
- coros_pace_3
CWE
No CWE.