MEDIUM · 5.4

CVE-2021-20107

Vulnerability Description

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor   Product                    Versions
Sloan    Optima Eaf-100 Firmware    -
Sloan    Optima Eaf-100             -
Sloan    Optima Eaf-150 Firmware    -
Sloan    Optima Eaf-150             -
Sloan    Optima Eaf-200 Firmware    -
Sloan    Optima Eaf-200             -
Sloan    Optima Eaf-225 Firmware    -
Sloan    Optima Eaf-225             -
Sloan    Optima Eaf-250 Firmware    -
Sloan    Optima Eaf-250             -
Sloan    Optima Eaf-275 Firmware    -
Sloan    Optima Eaf-275             -
Sloan    Optima Eaf-350 Firmware    -
Sloan    Optima Eaf-350             -
Sloan    Optima Eaf-700 Firmware    -
Sloan    Optima Eaf-700             -
Sloan    Optima Eaf-750 Firmware    -
Sloan    Optima Eaf-750             -
Sloan    Optima Ebf-187 Firmware    -
Sloan    Optima Ebf-187             -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-20107?

CVE-2021-20107 is a vulnerability with a CVSS score of 5.4 (MEDIUM). There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets.

How severe is CVE-2021-20107?

CVE-2021-20107 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2021-20107?

Check the references section above for vendor advisories and patch information. Affected products include: Sloan Optima Eaf-100 Firmware, Sloan Optima Eaf-100, Sloan Optima Eaf-150 Firmware, Sloan Optima Eaf-150, Sloan Optima Eaf-200 Firmware.