CVE-2021-31786

Name of the Vulnerable Software and Affected Versions Actions ATS2815 and ATS2819 devices (affected versions not specified)

Description The issue arises from insufficient input validation in the Bluetooth Classic firmware of the devices. This can be exploited by a remote attacker to cause a denial of service through a crafted LMP packet. Specifically, the Bluetooth Classic Audio implementation does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.