CVE-2021-31612

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure, allowing attackers in radio range to trigger a deadlock via a crafted LMP packet.

CVSS v3 6.5 MEDIUM
CVSS v2.0 6.1 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 6.5 / Impact : 6.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.zh-jieli.com/product/68-cn.html	Product Vendor Advisory
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf	Broken Link
https://launchstudio.bluetooth.com/ListingDetails/19746	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zh-jieli:ac6901_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6901:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zh-jieli:ac690n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac690n:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zh-jieli:ac692n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac692n:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:zh-jieli:ac6902_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6902:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:zh-jieli:ac6903_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6903:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:zh-jieli:ac6905_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6905:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:zh-jieli:ac6904_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6904:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:zh-jieli:ac6907_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6907:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:zh-jieli:ac6908_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6908:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:zh-jieli:ac6997_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6997:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:zh-jieli:ac6998_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6998:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:zh-jieli:ac6999_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:zh-jieli:ac6999:-:*:*:*:*:*:*:*

History

15 Sep 2021, 00:02

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.1 v3 : 6.5
References	~~(MISC) http://www.zh-jieli.com/product/68-cn.html -~~	(MISC) http://www.zh-jieli.com/product/68-cn.html - Product, Vendor Advisory
References	~~(MISC) https://dl.packetstormsecurity.net/papers/general/braktooth.pdf -~~	(MISC) https://dl.packetstormsecurity.net/papers/general/braktooth.pdf - Broken Link
References	~~(MISC) https://launchstudio.bluetooth.com/ListingDetails/19746 -~~	(MISC) https://launchstudio.bluetooth.com/ListingDetails/19746 - Third Party Advisory
CPE		cpe:2.3:h:zh-jieli:ac6904:-:::::::* cpe:2.3:o:zh-jieli:ac6997_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6905_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6908_firmware:-:::::::* cpe:2.3:h:zh-jieli:ac6901:-:::::::* cpe:2.3:h:zh-jieli:ac6999:-:::::::* cpe:2.3:h:zh-jieli:ac690n:-:::::::* cpe:2.3:h:zh-jieli:ac6902:-:::::::* cpe:2.3:o:zh-jieli:ac6902_firmware:-:::::::* cpe:2.3:h:zh-jieli:ac692n:-:::::::* cpe:2.3:o:zh-jieli:ac6904_firmware:-:::::::* cpe:2.3:h:zh-jieli:ac6907:-:::::::* cpe:2.3:h:zh-jieli:ac6908:-:::::::* cpe:2.3:h:zh-jieli:ac6903:-:::::::* cpe:2.3:h:zh-jieli:ac6997:-:::::::* cpe:2.3:o:zh-jieli:ac6999_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6907_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6903_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6901_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac690n_firmware:-:::::::* cpe:2.3:h:zh-jieli:ac6905:-:::::::* cpe:2.3:o:zh-jieli:ac692n_firmware:-:::::::* cpe:2.3:o:zh-jieli:ac6998_firmware:-:::::::* cpe:2.3:h:zh-jieli:ac6998:-:::::::*

07 Sep 2021, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-07 07:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-31612

Mitre link : CVE-2021-31612

CVE.ORG link : CVE-2021-31612

JSON object : View

Products Affected

zh-jieli

ac6998_firmware
ac692n
ac6901
ac690n_firmware
ac6908
ac6907
ac690n
ac6997_firmware
ac6908_firmware
ac692n_firmware
ac6904_firmware
ac6903
ac6907_firmware
ac6999_firmware
ac6999
ac6903_firmware
ac6997
ac6904
ac6998
ac6902
ac6902_firmware
ac6901_firmware
ac6905
ac6905_firmware

CWE

NVD-CWE-noinfo

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.1 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-31612

6.5^/10

6.1^/10

Attach tags to `CVE-2021-31612`