CVE-2021-28155

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
jbltune500bt_firmware
-
𝑥
= Vulnerable software versions
References
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.jbl.com.sg/over-ear-headphones/JBL+TUNE500BT.html
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.jbl.com.sg/over-ear-headphones/JBL+TUNE500BT.html