9.6
Pebble Prism Ultra v2.9.2: Unsecured Bluetooth Connection Allows Interference
CVE-2025-69969
Summary
The Pebble Prism Ultra v2.9.2 communicates over Bluetooth Low Energy (BLE) without authentication or authorization, allowing attackers within Bluetooth range to intercept sensitive data sent in cleartext and take control of the device without permission. Someone near the device can potentially access and manipulate its settings or data. To fix this, update the Pebble Prism Ultra to a newer version that includes proper security measures.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| pebblepower | pebble_prism_ultra_firmware | <= 2.5.8 | – |
Original title
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse enginee...
Original description
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is exploitable over Bluetooth Low Energy (BLE) proximity (Adjacent), requiring no physical contact with the device. Furthermore, the vulnerability is not limited to arbitrary commands but includes cleartext data interception and unauthenticated firmware hijacking via OTA services.
nvd CVSS3.1
9.6
Vulnerability type
CWE-311
Missing Encryption of Sensitive Data
CWE-319
Cleartext Transmission of Sensitive Information
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026