CVE-2024-46539: n/a
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
AI Analysis
Technical Summary
CVE-2024-46539 is a vulnerability identified in the Bluetooth Low Energy (BLE) component of the Fire-Boltt Artillery Smart Watch NJ-R6E-10.3. The root cause is insecure permissions within the BLE implementation, which allows attackers to remotely cause a Denial of Service (DoS) condition. Specifically, the vulnerability is classified under CWE-284 (Improper Access Control), indicating that the BLE component does not enforce adequate permission checks before processing certain requests or commands. The attack vector is remote over the Bluetooth interface, requiring no privileges or user interaction, making exploitation relatively straightforward for an attacker within Bluetooth range. The vulnerability affects the availability of the device by potentially causing it to crash or become unresponsive, while confidentiality is only minimally impacted and integrity remains intact. The CVSS v3.1 base score is 8.2, reflecting high severity due to the ease of exploitation and the impact on availability. No patches or fixes have been published at the time of disclosure, and there are no known exploits in the wild. This vulnerability highlights the risks associated with insecure BLE implementations in IoT and wearable devices, emphasizing the need for robust access control mechanisms in Bluetooth services.
Potential Impact
The primary impact of CVE-2024-46539 is on the availability of the Fire-Boltt Artillery Smart Watch NJ-R6E-10.3. Successful exploitation can cause the device to crash or become unresponsive, resulting in a Denial of Service (DoS). This can disrupt the normal functioning of the smart watch, potentially affecting users who rely on it for health monitoring, notifications, or other critical functions. While the confidentiality impact is limited, the loss of availability can degrade user experience and trust in the device. For organizations deploying these devices at scale, such as in corporate wellness programs or healthcare monitoring, this vulnerability could lead to operational disruptions. The lack of required privileges and user interaction lowers the barrier for attackers, increasing the likelihood of exploitation in environments where attackers can be in Bluetooth range. Although no exploits are currently known in the wild, the vulnerability poses a significant risk until mitigations or patches are applied.
Mitigation Recommendations
1. Restrict Bluetooth Low Energy (BLE) access by configuring the smart watch and paired devices to only allow connections from trusted devices.
2. Disable unnecessary BLE services or features on the Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 to reduce the attack surface.
3. Monitor for firmware updates or security patches from Fire-Boltt and apply them promptly once available.
4. Implement physical security controls to limit attacker proximity to devices, as exploitation requires Bluetooth range access.
5. Educate users about the risks of connecting to unknown or untrusted Bluetooth devices.
6. In environments with high security requirements, consider disabling BLE functionality entirely if not needed.
7. Network administrators should monitor Bluetooth traffic for unusual activity indicative of exploitation attempts.
8. Engage with the vendor to encourage timely patch development and disclosure of mitigation guidance.
Affected Countries
India, United Arab Emirates, Saudi Arabia, United States, United Kingdom, Australia, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-09-11T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d02b7ef31ef0b56c3de
Added to database: 2/25/2026, 9:43:30 PM
Last enriched: 2/26/2026, 8:40:57 AM
Last updated: 4/12/2026, 7:55:04 AM