First published: Tue Sep 07 2021(Updated: )
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zh-jieli Ac6901 Firmware | ||
Zh-jieli Ac6901 | ||
Zh-jieli Ac6925 Firmware | ||
Zh-jieli Ac6925 | ||
Zh-jieli Ac6926 Firmware | ||
Zh-jieli Ac6926 | ||
Zh-jieli Ac6928 Firmware | ||
Zh-jieli Ac6928 | ||
Zh-jieli Ac6921 Firmware | ||
Zh-jieli Ac6921 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31611 is a vulnerability in the Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices that allows attackers in radio range to deadlock a device via a crafted LMP packet.
CVE-2021-31611 affects Zhuhai Jieli AC690X and AC692X devices by allowing attackers in radio range to deadlock the device using a specially crafted LMP packet.
The severity of CVE-2021-31611 is medium with a CVSS score of 5.7.
To mitigate CVE-2021-31611, users of affected Zhuhai Jieli AC690X and AC692X devices need to manually reboot the device.
More information about CVE-2021-31611 can be found on the Zhuhai Jieli website, Packet Storm Security, and the Bluetooth Launch Studio website.