Cyber Resilience

CVE-2021-40526

Severity: Medium

Published: 25 October 2021
Modified: 21 November 2024
KEV Added: not listed
CVSS Score (v3.1): 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
EPSS Score: 0.0081 (74.7th percentile)
Risk Priority: 10 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-40526 is a medium-severity Incorrect Calculation of Buffer Size (CWE-131) vulnerability in Onepeloton Ttr01 Firmware. Its CVSS base score is 4.8 (Medium).

Operationally, it ranks in the top 25.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An incorrect calculation of buffer size vulnerability in Peloton TTR01 firmware up to and including PTV55G allows a remote attacker to trigger a denial of service through the GymKit daemon process by exploiting a heap overflow in the network server that handles the Apple GymKit communication. This can leave an Apple MFi device unable to authenticate with the Peloton Bike.

CWE(s)

CWE-131: Incorrect Calculation of Buffer Size

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

onepeloton ttr01 firmware, versions ≤ ptv55g

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.