Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Onepeloton Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40527 1 Onepeloton 1 Peloton 2021-10-28 5.0 MEDIUM 7.5 HIGH
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
CVE-2021-40526 1 Onepeloton 2 Ttr01, Ttr01 Firmware 2021-10-28 5.0 MEDIUM 5.3 MEDIUM
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike
CVE-2021-33887 1 Onepeloton 2 Ttr01, Ttr01 Firmware 2021-06-24 7.2 HIGH 6.8 MEDIUM
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader.