CVE-2021-34150 - OpenCVE

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:A/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bluetrum	Ab5301a Firmware Ab5301a

Configuration 1 [-]

AND

cpe:2.3:o:bluetrum:ab5301a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bluetrum:ab5301a:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.bluetrum.com/product/ab5301a.html	Product Vendor Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T05:59:31

Updated: 2021-09-07T05:59:31

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-34150

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-07T06:15:08.013

Modified: 2021-09-10T15:16:35.510

Link: CVE-2021-34150

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-07T05:59:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"tags": ["x_refsource_MISC"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34150", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.bluetrum.com/product/ab5301a.html", "refsource": "MISC", "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"name": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf", "refsource": "MISC", "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34150", "datePublished": "2021-09-07T05:59:31", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2021-09-07T05:59:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bluetrum:ab5301a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5A6CE56-F26F-4934-A90C-F7E5839B745B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bluetrum:ab5301a:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8D14A4A-F8B1-4B03-919D-98D258818199", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity."}, {"lang": "es", "value": "Una implementaci\u00f3n de Bluetooth Classic en los dispositivos Bluetrum AB5301A con versiones de firmware desconocidas no maneja apropiadamente la recepci\u00f3n de paquetes LMP DM1 de gran tama\u00f1o mientras no presenta otras conexiones BT activas, permitiendo a atacantes en el rango de radio impedir nuevas conexiones BT (deshabilitando los procedimientos de consulta y exploraci\u00f3n de p\u00e1ginas del AB5301A) por medio de un paquete LMP dise\u00f1ado. El usuario necesita llevar a cabo manualmente un ciclo de alimentaci\u00f3n (reinicio) del dispositivo para restaurar la conectividad BT"}], "id": "CVE-2021-34150", "lastModified": "2021-09-10T15:16:35.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-07T06:15:08.013", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://www.bluetrum.com/product/ab5301a.html"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://dl.packetstormsecurity.net/papers/general/braktooth.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}