CVE-2021-34144
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
07/09/2021
Last modified:
09/09/2021
Description
The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:zh-jieli:fw-ac63_bt_sdk:*:*:*:*:*:*:*:* | 0.9.1 (including) | |
| cpe:2.3:h:zh-jieli:ac6936:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6951:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6952:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6954:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6955:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6956:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6963:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6965:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6966:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6969:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6973:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6976:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6983:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:zh-jieli:ac6986:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page