VYPR
Medium severity4.8NVD Advisory· Published Oct 25, 2021· Updated Jun 17, 2026

CVE-2021-40526

CVE-2021-40526

Description

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peleton Bike

Affected products

2
  • Peleton/TTR01description
  • Peleton/TTR01llm-fuzzy
    Range: <=PTV55G

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.