CVE-2021-34150 - OpenCVE

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bluetrum	Ab5301a Ab5301a Firmware

Configuration 1 [-]

AND

cpe:2.3:h:bluetrum:ab5301a:-:*:*:*:*:*:*:*

cpe:2.3:o:bluetrum:ab5301a_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.bluetrum.com/product/ab5301a.html
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T05:59:31

Updated: 2024-08-04T00:05:52.495Z

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-34150

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-09-07T06:15:08.013

Modified: 2021-09-10T15:16:35.510

Link: CVE-2021-34150

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T05:59:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34150", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.bluetrum.com/product/ab5301a.html", "refsource": "MISC", "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:05:52.495Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34150", "datePublished": "2021-09-07T05:59:31", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2024-08-04T00:05:52.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:bluetrum:ab5301a:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8D14A4A-F8B1-4B03-919D-98D258818199", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:bluetrum:ab5301a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5A6CE56-F26F-4934-A90C-F7E5839B745B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en los dispositivos Bluetrum AB5301A con versiones de firmware desconocidas no maneja apropiadamente la recepci\u00f3n de paquetes LMP DM1 de gran tama\u00f1o mientras no presenta otras conexiones BT activas, permitiendo a atacantes en el rango de radio impedir nuevas conexiones BT (deshabilitando los procedimientos de consulta y exploraci\u00f3n de p\u00e1ginas del AB5301A) por medio de un paquete LMP dise\u00f1ado. El usuario necesita llevar a cabo manualmente un ciclo de alimentaci\u00f3n (reinicio) del dispositivo para restaurar la conectividad BT"}], "id": "CVE-2021-34150", "lastModified": "2021-09-10T15:16:35.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T06:15:08.013", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}