CVE-2021-31612

Description

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.

Related CPE's

ozh-jieliac6901_firmware-*******

vulnerable

hzh-jieliac6901-*******

ozh-jieliac690n_firmware-*******

vulnerable

hzh-jieliac690n-*******

ozh-jieliac692n_firmware-*******

vulnerable

hzh-jieliac692n-*******

ozh-jieliac6902_firmware-*******

vulnerable

hzh-jieliac6902-*******

ozh-jieliac6903_firmware-*******

vulnerable

hzh-jieliac6903-*******

References

https://launchstudio.bluetooth.com/ListingDetails/19746

Third Party Advisory

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Broken Link

http://www.zh-jieli.com/product/68-cn.html

ProductVendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

ADJACENT_NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

6.5

VectorString

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

COMPLETE

IntegrityImpact

NONE

BaseScore

6.1

VectorString

AV:A/AC:L/Au:N/C:N/I:N/A:C

Version

2.0

AccessVector

ADJACENT_NETWORK

Authentication

NONE

Created by Yello
About Severity.io