CVE-2021-31612
CVE-2021-31612 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Zh-Jieli | Ac6901 Firmware | All versions |
| Zh-Jieli | Ac690n Firmware | All versions |
| Zh-Jieli | Ac692n Firmware | All versions |
| Zh-Jieli | Ac6902 Firmware | All versions |
| Zh-Jieli | Ac6903 Firmware | All versions |
| Zh-Jieli | Ac6905 Firmware | All versions |
| Zh-Jieli | Ac6904 Firmware | All versions |
| Zh-Jieli | Ac6907 Firmware | All versions |
| Zh-Jieli | Ac6908 Firmware | All versions |
| Zh-Jieli | Ac6997 Firmware | All versions |
| Zh-Jieli | Ac6998 Firmware | All versions |
| Zh-Jieli | Ac6999 Firmware | All versions |
References
- http://www.zh-jieli.com/product/68-cn.html (Product, Vendor Advisory)
- https://launchstudio.bluetooth.com/ListingDetails/19746 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
