Description
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
Published: 2026-04-13
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

An issue in the Bluetooth RFCOMM service of the Parani M10 Motorcycle Intercom running firmware 2.1.3 permits an attacker who can transmit data over Bluetooth to send specially crafted RFCOMM frames that trigger a crash. The crash stops the intercom from functioning, effectively denying the rider the ability to communicate through the device and potentially affecting safety.

Affected Systems

The vulnerability affects the Parani M10 Motorcycle Intercom with firmware version 2.1.3. No other vendors or products are listed in the CVE details.

Risk and Exploitability

The EPSS score is not provided and the vulnerability is not included in CISA’s KEV catalog, so publicly available data on exploitation frequency is lacking. The attack vector is inferred to be Bluetooth, as the description references crafted RFCOMM frames; thus an attacker would need to be in Bluetooth range to send the malicious frames. No other prerequisites or conditions are specified in the description, and the impact can be achieved solely by sending the crafted frames. The lack of an announced exploit means the immediate risk is uncertain, but devices running the vulnerable firmware remain at risk until a fix is applied.

Generated by OpenCVE AI on April 13, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the intercom firmware to the latest version that addresses the RFCOMM crash.
  • If an update is unavailable, disable or block the Bluetooth RFCOMM service or restrict Bluetooth pairing to trusted devices only.
  • Monitor the intercom for repeated crashes and report incidents to the vendor.
  • Follow any vendor advisories or release notes closely for a fix.

Generated by OpenCVE AI on April 13, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Bluetooth RFCOMM Denial of Service in Parani M10 Intercom
Weaknesses CWE-119
CWE-20

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Parani
Parani m10 Motorcycle Intercom
Vendors & Products Parani
Parani m10 Motorcycle Intercom

Tue, 14 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
References

Subscriptions

Parani M10 Motorcycle Intercom
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T15:23:22.851Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31280

cve-icon Vulnrichment

Updated: 2026-04-14T15:23:17.378Z

cve-icon NVD

Status : Received

Published: 2026-04-13T21:16:24.143

Modified: 2026-04-13T21:16:24.143

Link: CVE-2026-31280

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:35:34Z

Weaknesses