CVE-2021-34143

Name of the Vulnerable Software and Affected Versions Zhuhai Jieli AC6366C DEMO V1.0

Description The Bluetooth Classic implementation does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (deadlock) of the device by flooding it with LMP AU Rand packets after the paging procedure. This issue is also related to buffer overflow errors in the dynamic memory of the device's firmware, which can cause the device to crash and restart when exploited. User intervention is required to restart the device.

Recommendations For Zhuhai Jieli AC6366C DEMO V1.0, as a temporary workaround, consider restricting access to the device when it is not in use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.