ByteOS Network

NVD Vulnerability Details :

CVE-2021-33887

Analyzed

Source-cve@mitre.org

Published At-15 Jun, 2021 | 20:15

Updated At-24 Jun, 2021 | 13:06

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

onepeloton>>ttr01_firmware>>Versions up to ptv55g(inclusive)

cpe:2.3:o:onepeloton:ttr01_firmware:*:*:*:*:*:*:*:*

onepeloton>>ttr01>>-

cpe:2.3:h:onepeloton:ttr01:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-345	Primary	nvd@nist.gov

CWE ID: CWE-345

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://fccid.io/2AA3N-TTR01	cve@mitre.org	Third Party Advisory
https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/is-your-peloton-spinning-up-malware/	cve@mitre.org	Third Party Advisory
https://youtu.be/RLjXfvb0ADw	cve@mitre.org	Exploit Third Party Advisory

Hyperlink: https://fccid.io/2AA3N-TTR01

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/is-your-peloton-spinning-up-malware/

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://youtu.be/RLjXfvb0ADw

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History