CVE-2026-2065
Missing Authentication in Flycatcher Toys BLE Interface (Local Attack
Publication date: 2026-02-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flycatcher | smart_pixelator_firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2065 is a security vulnerability in the Flycatcher Toys smART Pixelator 2.0, specifically in its Bluetooth Low Energy (BLE) interface. The device's BLE interface lacks any authentication, allowing any nearby Bluetooth device to connect and send commands without pairing, a PIN, or user verification.

This means an attacker within Bluetooth range can control the device, upload arbitrary messages and images that are displayed on the LED grid, and manipulate device functions without the user's knowledge or consent.

Although the device has a mobile app that requires authentication, the app does not secure the BLE interface itself: the device accepts connections from any BLE client, so the app can be bypassed entirely. [2, 4]
How can this vulnerability impact me?
This vulnerability allows an attacker within Bluetooth range to take control of the smART Pixelator 2.0 without authentication.

- Attackers can upload and display inappropriate or malicious content on the device's LED grid.
- The device can be manipulated without the user's knowledge, potentially causing distress or harm, especially since it is a children's toy.
- The confidentiality, integrity, and availability of the device are compromised.
- Users may have a false sense of security because the mobile app requires authentication while the BLE interface remains unprotected.

Because the attack requires a BLE connection, it is limited to attackers within radio range of the device. [2, 4]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the Bluetooth Low Energy (BLE) interface of the Flycatcher Toys smART Pixelator 2.0. The device accepts BLE connections without pairing, and a writable GATT characteristic with UUID 0000ffe6-0000-1000-8000-00805f9b34fb accepts writes from any connected client without authentication.

Detection involves scanning for BLE devices in range, identifying those that advertise as a smART Pixelator 2.0, and checking whether they expose this characteristic with write properties.

Common BLE tools on Linux such as bluetoothctl or gatttool can scan, connect, and enumerate characteristics. For example:

- Use bluetoothctl to scan for devices: `scan on`
- Identify the MAC address corresponding to the smART Pixelator.
- Use gatttool to connect and list characteristics: `gatttool -b <MAC_ADDRESS> --characteristics`
- Check for the writable characteristic UUID 0000ffe6-0000-1000-8000-00805f9b34fb.

Two caveats: gatttool is deprecated in BlueZ 5 and not every distribution still ships it (bluetoothctl's `menu gatt` and `list-attributes` give the same enumeration), and a characteristic listing only shows the declared properties (read, write, notify); the server-side security requirement on an attribute is not discoverable, so the definitive check is whether a write succeeds from an adapter that has never paired with the device. A proof-of-concept exploit script is publicly available on GitHub that tests the vulnerability exactly that way, by writing arbitrary data to the device. [2, 4, 1]
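The steps above produce two pieces of tool output: the device list from `bluetoothctl scan on` and the characteristic list from `gatttool --characteristics`. The following helper, added here as an example and not part of the advisory, the PoC, or any vendor code, parses both and flags the advisory's characteristic when it is declared writable, decoding the GATT property bitmask so the check does not depend on eyeballing hex. The sample output embedded below is constructed: the MAC addresses, handles and the second UUID are made up; only 0000ffe6-0000-1000-8000-00805f9b34fb comes from the advisory.

```python
"""Triage bluetoothctl / gatttool output for the CVE-2026-2065 check.

Added example, not code from the advisory or the vendor. It does not talk to a
radio; pipe the text that the tools print into it, e.g.
    gatttool -b AA:BB:CC:DD:EE:FF --characteristics | python3 ble_triage.py
"""
import re
import sys

TARGET_UUID = "0000ffe6-0000-1000-8000-00805f9b34fb"  # from the advisory

# Characteristic property bits (Bluetooth Core Spec Vol 3, Part G, 3.3.1.1).
PROP_BROADCAST = 0x01
PROP_READ = 0x02
PROP_WRITE_NO_RESP = 0x04
PROP_WRITE = 0x08
PROP_NOTIFY = 0x10
PROP_INDICATE = 0x20

# bluetoothctl prints discovered devices as: "[NEW] Device AA:BB:CC:DD:EE:FF Name"
DEVICE_RE = re.compile(r"\[NEW\]\s+Device\s+([0-9A-F:]{17})\s+(.*)", re.I)

# gatttool --characteristics prints one line per characteristic declaration:
# "handle = 0x0002, char properties = 0x0c, char value handle = 0x0003, uuid = ..."
CHAR_RE = re.compile(
    r"handle = (0x[0-9a-f]+), char properties = (0x[0-9a-f]+), "
    r"char value handle = (0x[0-9a-f]+), uuid = ([0-9a-f-]+)", re.I)


def find_devices(scan_output, name_fragment="pixelator"):
    """Return [(mac, name)] for scanned devices whose name contains name_fragment."""
    found = []
    for line in scan_output.splitlines():
        m = DEVICE_RE.search(line)
        if m and name_fragment.lower() in m.group(2).lower():
            found.append((m.group(1).upper(), m.group(2).strip()))
    return found


def parse_characteristics(gatt_output):
    """Parse gatttool output into dicts with the property bitmask decoded."""
    chars = []
    for line in gatt_output.splitlines():
        m = CHAR_RE.search(line)
        if not m:
            continue
        props = int(m.group(2), 16)
        chars.append({
            "handle": int(m.group(1), 16),
            "props": props,
            "value_handle": int(m.group(3), 16),
            "uuid": m.group(4).lower(),
            # Either write flavour lets an unauthenticated client push data if
            # the server imposes no security requirement on the attribute.
            "writable": bool(props & (PROP_WRITE | PROP_WRITE_NO_RESP)),
        })
    return chars


def flag_target(chars, target_uuid=TARGET_UUID):
    """Return the writable characteristic matching the advisory's UUID, or None.

    A hit means the characteristic is declared writable; whether the write is
    accepted without pairing can only be confirmed by attempting one.
    """
    for c in chars:
        if c["uuid"] == target_uuid.lower() and c["writable"]:
            return c
    return None


# Constructed sample output (MACs, handles and the ffe4 UUID are made up).
SAMPLE_SCAN = """\
[NEW] Device AA:BB:CC:DD:EE:FF smART Pixelator
[NEW] Device 11:22:33:44:55:66 Living Room TV
"""
SAMPLE_GATT = """\
handle = 0x0002, char properties = 0x02, char value handle = 0x0003, uuid = 00002a00-0000-1000-8000-00805f9b34fb
handle = 0x0010, char properties = 0x10, char value handle = 0x0011, uuid = 0000ffe4-0000-1000-8000-00805f9b34fb
handle = 0x0012, char properties = 0x0c, char value handle = 0x0013, uuid = 0000ffe6-0000-1000-8000-00805f9b34fb
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GATT
    hit = flag_target(parse_characteristics(text))
    if hit:
        print(f"writable {TARGET_UUID} at value handle 0x{hit['value_handle']:04x} "
              f"(props 0x{hit['props']:02x}); confirm with an unpaired write")
    else:
        print("target characteristic not found or not writable")
```

On a real device the handle this prints is what you would pass to a single unpaired write (with gatttool, `--char-write-req -a <value handle> -n <hex>`); if the device accepts it, the missing-authentication finding is confirmed.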
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patches or updates are available from the vendor to fix this vulnerability.
Immediate mitigation steps include:
- Keep the device powered off when not in use and, where the device allows it, disable Bluetooth, so that no BLE connection can be established.
- Avoid placing the affected devices in environments where untrusted people are within BLE range (typically tens of meters).
- Consider replacing the affected Flycatcher Toys smART Pixelator 2.0 devices with alternative products that do not have this vulnerability.
Since the vulnerability requires Bluetooth proximity rather than network access, controlling physical access and Bluetooth connectivity is the only effective control until a fix is available.