Description
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
Published: 2026-04-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in the Bluetooth RFCOMM service of the Parani M10 Motorcycle Intercom running firmware 2.1.3 permits an attacker who can transmit data over Bluetooth to send specially crafted RFCOMM frames that trigger a crash. The crash stops the intercom from functioning, denying the rider the ability to communicate through the device and potentially affecting safety. The crash is caused by buffer overflow conditions (CWE-120) in the RFCOMM frame parsing.

Affected Systems

The vulnerability affects the Parani M10 Motorcycle Intercom with firmware version 2.1.3. No other vendors or products are listed in the CVE details.

Risk and Exploitability

The EPSS score is < 1%, indicating a very low exploitation probability, and the vulnerability is not included in CISA’s KEV catalog. The CVSS score is 6.5. The attack vector is inferred to be Bluetooth, as the description references crafted RFCOMM frames; an attacker would therefore need to be in Bluetooth range to send the malicious frames. No other prerequisites or conditions are specified in the description, and the impact can be achieved solely by sending the crafted frames. The lack of an announced exploit means the immediate risk is uncertain, but devices running the vulnerable firmware remain at risk until a fix is applied.

Generated by OpenCVE AI on May 10, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or block the Bluetooth RFCOMM service, or restrict pairing to trusted devices only.
  • Monitor the intercom for repeated crashes and report incidents to the vendor.
  • Follow any vendor advisories or release notes closely for a fix when released.

Advisories

No advisories yet.

History

Mon, 11 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Crafted Bluetooth RFCOMM Frames in Parani M10 Intercom

Sun, 10 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Bluetooth RFCOMM Denial of Service in Parani M10 Intercom
Weaknesses CWE-119, CWE-20

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Bluetooth RFCOMM Denial of Service in Parani M10 Intercom
Weaknesses CWE-119, CWE-20

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Parani, Parani m10 Motorcycle Intercom
Vendors & Products Parani, Parani m10 Motorcycle Intercom

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-10T20:03:40.835Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31280

Vulnrichment

Updated: 2026-04-14T15:23:17.378Z

NVD

Status: Deferred

Published: 2026-04-13T21:16:24.143

Modified: 2026-05-10T21:16:28.683

Link: CVE-2026-31280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T00:00:06Z
