Bluetooth Classic Audio Disconnection Vulnerability in Actions Devices
CVE-2021-31786

6.5MEDIUM

Key Information:

Vendor

Actions-semi

Status
Ats2819p Firmware
Vendor
CVE Published:
7 September 2021

What is CVE-2021-31786?

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices contains a flaw that permits an attacker to initiate a connection using a counterfeit BDAddress that matches the address of an already connected host. This manipulative action can lead to a disconnection and potential deadlock of the devices, compromising their functionality and overall security.

References

https://www.actions-semi.com/index.php?id=3581&siteId=4
x_refsource_MISC
https://launchstudio.bluetooth.com/ListingDetails/76427
x_refsource_MISC
https://dl.packetstormsecurity.net/papers/general/braktoo...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.