8.8
CVE-2026-2065
- EPSS 0.02%
- Veröffentlicht 06.02.2026 20:02:07
- Zuletzt bearbeitet 05.03.2026 20:52:26
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginA security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Flycatcher ≫ Smart Pixelator Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.8 | 6.5 | 6.4 |
AV:A/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.