PT-2021-4309 · Jbl+1 · Jbl Tune500Bt+1

Published: 2021-09-07 · Updated: 2021-09-09 · CVE-2021-28155

CVSS v2.0: 6.1 (Medium)

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

JBL TUNE500BT devices (affected versions not specified)
ESP32 series modules (affected versions not specified)

Description

The issue is related to the Bluetooth Classic implementation, which does not properly handle certain data. This can allow an attacker to trigger a denial of service, shutting down a device by flooding it with LMP Feature Response data. The attacker must be within radio range to exploit this issue.

Recommendations

For JBL TUNE500BT devices, restrict access to the device when not in use to minimize the risk of exploitation. For ESP32 series modules, avoid using the Bluetooth Classic implementation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2021-04918
CVE-2021-28155

Affected Products

Esp32
Jbl Tune500Bt