Vulnerability Description
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Silabs | Iwrap | <= 6.3.0 |
| Silabs | Wt32I-A | - |
References
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf (Technical Description, Third Party Advisory)
- https://www.silabs.com/wireless/bluetooth/bluegiga-classic-legacy-modules/device (Product, Vendor Advisory)
FAQ
What is CVE-2021-31609?
CVE-2021-31609 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range ...
How severe is CVE-2021-31609?
CVE-2021-31609 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-31609?
Check the references section above for vendor advisories and patch information. Affected products include: Silabs Iwrap, Silabs Wt32I-A.