CVE-2021-31610

The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
mimi_true_wireless_earbuds_basic_2_firmware
-
bluetrumab5376t_firmware
-
bluetrumbt8896a_firmware
-
𝑥
= Vulnerable software versions
References
http://www.bluetrum.com/product/ab5376t.html
http://www.bluetrum.com/product/bt8896a.html
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.mi.com/global/mi-true-wireless-earbuds-basic-2/
http://www.bluetrum.com/product/ab5376t.html
http://www.bluetrum.com/product/bt8896a.html
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.mi.com/global/mi-true-wireless-earbuds-basic-2/