Vulnerability Details CVE-2021-31611
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.2%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 3.3
References
- http://www.zh-jieli.com/product/68-cn.html
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://launchstudio.bluetooth.com/ListingDetails/19746
- https://launchstudio.bluetooth.com/ListingDetails/58628
- http://www.zh-jieli.com/product/68-cn.html
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
- https://launchstudio.bluetooth.com/ListingDetails/19746
- https://launchstudio.bluetooth.com/ListingDetails/58628
Products affected by CVE-2021-31611
-
cpe:2.3:h:zh-jieli:ac6901:-
-
cpe:2.3:h:zh-jieli:ac6921:-
-
cpe:2.3:h:zh-jieli:ac6925:-
-
cpe:2.3:h:zh-jieli:ac6926:-
-
cpe:2.3:h:zh-jieli:ac6928:-
-
cpe:2.3:o:zh-jieli:ac6901_firmware:-
-
cpe:2.3:o:zh-jieli:ac6921_firmware:-
-
cpe:2.3:o:zh-jieli:ac6925_firmware:-
-
cpe:2.3:o:zh-jieli:ac6926_firmware:-
-
cpe:2.3:o:zh-jieli:ac6928_firmware:-