Description

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP_AU_Rand packets after paging procedure. User intervention is required to restart the device.

Related CPE's

o

zh-jieli

fw-ac63_bt_sdk

1.0.0

Vulnerable

h

zh-jieli

ac6936

-

h

zh-jieli

ac6951

-

h

zh-jieli

ac6952

-

h

zh-jieli

ac6954

-

h

zh-jieli

ac6955

-

h

zh-jieli

ac6956

-

h

zh-jieli

ac6963

-

h

zh-jieli

ac6965

-

h

zh-jieli

ac6966

-

h

zh-jieli

ac6969

-

h

zh-jieli

ac6973

-

h

zh-jieli

ac6976

-

h

zh-jieli

ac6983

-

h

zh-jieli

ac6986

-

References

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

Broken Link

https://github.com/Jieli-Tech/fw-AC63_BT_SDK

Third Party Advisory

https://launchstudio.bluetooth.com/ListingDetails/91371

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-09-07T07:15:07.237

3 years ago

Last modified

2021-09-14T13:57:22.913

3 years ago