PT-2021-13777 · Sloan · Solis+4

Published: 2021-06-30 · Updated: 2021-07-08 · CVE-2021-20107

CVSS v2.0: 4.8 (Medium)
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS (affected versions not specified)
Description: Sloan SmartFaucets expose an unauthenticated Bluetooth Low Energy (BLE) interface, which allows unauthenticated kinetic effects and information disclosure on the faucets. Over the BLE connection it is possible to read and write many BLE characteristics on the device, controlling aspects such as the flow of water, sensor sensitivity, and maintenance information.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2021-20107

Affected Products

BASYS EFX
Optima EAF
Optima ETF/EBF
SOLIS
Sloan SmartFaucets