This page lists publicly disclosed CVE vulnerabilities affecting fastrack reflex_2.0_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-35954 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to dump the firmware, flash custom malicious firmware, and brick the device via the Serial Wire Debug (SWD) feature. | [email protected] | 8.1 | 0.33% | 2022-12-26 | 2026-06-16 |
| CVE-2021-35953 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service (device outage) via crafted choices of the last three bytes of a characteristic value. | [email protected] | 7.5 | 0.84% | 2022-12-26 | 2026-06-16 |
| CVE-2021-35952 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time, date, and month via Bluetooth LE Characteristics on handle 0x0017. | [email protected] | 5.3 | 0.57% | 2022-12-26 | 2026-06-16 |
| CVE-2021-35951 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device. | [email protected] | 7.5 | 0.89% | 2022-12-26 | 2026-06-16 |