Filtered by vendor Onepeloton Subscriptions
Filtered by product Ttr01 Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40526 1 Onepeloton 2 Ttr01, Ttr01 Firmware 2024-11-21 4.8 Medium
Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike
CVE-2021-33887 1 Onepeloton 2 Ttr01, Ttr01 Firmware 2024-11-21 6.8 Medium
Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader.