Vulnerability Details CVE-2021-33887
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.8%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- https://fccid.io/2AA3N-TTR01
- https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/is-your-peloton-spinning-up-malware/
- https://youtu.be/RLjXfvb0ADw
- https://fccid.io/2AA3N-TTR01
- https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/is-your-peloton-spinning-up-malware/
- https://youtu.be/RLjXfvb0ADw
Products affected by CVE-2021-33887
-
cpe:2.3:h:onepeloton:ttr01:-
-
cpe:2.3:o:onepeloton:ttr01_firmware:-
-
cpe:2.3:o:onepeloton:ttr01_firmware:ptv55g