CVE-2019-19194

EUVD-2019-8826

12.02.2020, 15:15

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 63%

Affected Products (NVD)

Vendor	Product	Version
telink-semi	tlsr8258_ble_sdk	𝑥 ≤ 3.4.0
telink-semi	tlsr8269_ble_sdk	𝑥 ≤ 3.3
telink-semi	tlsr8253_ble_sdk	𝑥 ≤ 3.4.0
telink-semi	tlsr8251_ble_sdk	𝑥 ≤ 3.4.0
telink-semi	tlsr8232_ble_sdk	𝑥 ≤ 1.3.0

𝑥

= Vulnerable software versions

Known Exploits!

References

http://www.telink-semi.com/ble

https://asset-group.github.io/disclosures/sweyntooth/

http://www.telink-semi.com/ble

https://asset-group.github.io/disclosures/sweyntooth/