CVE-2021-31612

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://launchstudio.bluetooth.com/ListingDetails/19746	Third Party Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Broken Link
http://www.zh-jieli.com/product/68-cn.html	Product Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zh-jieli:ac690n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac690n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zh-jieli:ac692n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac692n:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zh-jieli:ac6902_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6902:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zh-jieli:ac6903_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6903:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zh-jieli:ac6905_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6905:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zh-jieli:ac6904_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6904:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zh-jieli:ac6907_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6907:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zh-jieli:ac6908_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6908:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zh-jieli:ac6997_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6997:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zh-jieli:ac6998_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6998:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zh-jieli:ac6999_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6999:-:*:*:*:*:*:*:*

Information

Published : 2021-09-07 00:15

Updated : 2021-09-14 17:02

NVD link : CVE-2021-31612

Mitre link : CVE-2021-31612

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

zh-jieli

ac6903
ac692n_firmware
ac6905
ac6907_firmware
ac6998
ac690n_firmware
ac6901_firmware
ac6997_firmware
ac6904
ac6902
ac6908_firmware
ac692n
ac6999_firmware
ac6904_firmware
ac6998_firmware
ac6908
ac6999
ac6905_firmware
ac6903_firmware
ac6997
ac6902_firmware
ac690n
ac6901
ac6907

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-31612

6.5^/10

6.1^/10

Attach tags to `CVE-2021-31612`