Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34150

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

Published

2021-09-07T06:15:08.013

Last Modified

2024-11-21T06:09:57.763

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

6.5

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	bluetrum	ab5301a_firmware	-	Yes
Hardware	bluetrum	ab5301a	-	No

References

http://www.bluetrum.com/product/ab5301a.html Product, Vendor Advisory ([email protected])
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf Technical Description, Third Party Advisory ([email protected])
http://www.bluetrum.com/product/ab5301a.html Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)