Vulnerability Description
The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (either restart or deadlock the device) by flooding a device with LMP_AU_rand data.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mi | Mi True Wireless Earbuds Basic 2 Firmware | - |
| Mi | Mi True Wireless Earbuds Basic 2 | - |
| Bluetrum | Ab5376T Firmware | - |
| Bluetrum | Ab5376T | - |
| Bluetrum | Bt8896A Firmware | - |
| Bluetrum | Bt8896A | - |
References
- http://www.bluetrum.com/product/ab5376t.html (Product, Vendor Advisory)
- http://www.bluetrum.com/product/bt8896a.html (Product, Vendor Advisory)
- https://dl.packetstormsecurity.net/papers/general/braktooth.pdf (Broken Link)
- https://www.mi.com/global/mi-true-wireless-earbuds-basic-2/ (Not Applicable)
FAQ
What is CVE-2021-31610?
CVE-2021-31610 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service...
How severe is CVE-2021-31610?
CVE-2021-31610 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31610?
Check the references section above for vendor advisories and patch information. Affected products include: Mi Mi True Wireless Earbuds Basic 2 Firmware, Mi Mi True Wireless Earbuds Basic 2, Bluetrum Ab5376T Firmware, Bluetrum Ab5376T, Bluetrum Bt8896A Firmware.