PT-2021-4303 · Zhuhai Jieli · Ac692X+1

Published

2021-09-07

Updated

2022-05-03

CVE-2021-31611

CVSS v2.0

3.3

Low

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Zhuhai Jieli AC690X and AC692X devices (affected versions not specified)

Description The Bluetooth Classic implementation does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication. This issue exists due to insufficient input validation in the Bluetooth Classic implementation.

Recommendations For Zhuhai Jieli AC690X and AC692X devices, as a temporary workaround, consider restricting access to the Bluetooth Classic implementation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Locking

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-20

Related Identifiers

BDU:2021-04912

CVE-2021-31611

Affected Products

Ac690X

Ac692X

PT-2021-4303 · Zhuhai Jieli · Ac692X+1

CVE-2021-31611

Weakness Enumeration

Related Identifiers

Affected Products

References · 7