CVE-2018-11631 PoC — Rondaful M1 Wristband Smart Band 1 安全漏洞

Source

https://github.com/ColeShelly/bandexploit

Associated Vulnerability

Title:Rondaful M1 Wristband Smart Band 1 安全漏洞 (CVE-2018-11631)
Description:Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.

Description

M1 Band Smart Watch Bluetooth Low Energy Exploit python script (CVE-2018-11631)

Readme

# Band Exploit (CVE-2018-11631)

A Simple Python script Using Gatttool to exploit an Insecure Bluetooth Low Energy Smart Watch ( M1 Band 1).

 CVE-2018-11631 : https://nvd.nist.gov/vuln/detail/CVE-2018-11631

![alt BandExploit](https://github.com/xMagass/bandexploit/raw/master/bandexploit.png)

Usage: bandexploit.py [options] Address 

Options:

  -h, --help            show this help message and exit
  
  -s, --sms             Send SMS Notification to the device
  
  -c, --call            Send CALL Notification to the device
  
  -r REPEAT, --repeat=REPEAT Number of repetitions
                        
  -m MESSAGE, --message=MESSAGE  Notification message to send. Max_LEN = 8


Example: Sending 15 Call notifications with message xMagass

      ./bandexploit.py 78:02:b7:21:1d:fc -r 15 -m xMagass -c

File Snapshot


 [4.0K]  /data/pocs/4f7b674ea693a2b32a7ce4ad27944dd9e4242479
├── [ 40K]  bandexploit.png
├── [4.3K]  bandexploit.py
└── [ 809]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!