An unauthenticated bug in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR‑B30A sound bar allows a nearby attacker to establish a BLE connection without any authentication using the Sound Bar Remote protocol. The flaw permits the attacker to send control commands to the device, potentially changing volume, input source, or other settings without user consent. The vulnerability could lead to disruption of audio services or enable further exploitation if the device is connected to other systems or networks. This issue is an authentication failure (CWE‑287) and weak access control (CWE‑284) vulnerability.

Yamaha SR‑B30A sound bar with firmware version 2.40 and the accompanying Mobile App: Sound Bar Remote / version 2.40. The flaw is active when the BLE radio is broadcasting and the app or device is within range, which typically spans up to a few dozen meters.

The risk is moderate because the attack requires physical proximity to the sound bar. The CVSS score is 6.5, indicating moderate severity. The EPSS score indicates a low (<1%) probability of exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector is local via BLE and does not need network connectivity, but it provides unauthorized control of the device once a connection is established. This could be used for denial of service or for injecting unwanted commands into the audio experience.