5.4

CVE-2021-20107

Exploit
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SloanOptima Eaf-100 Firmware Version-
   SloanOptima Eaf-100 Version-
SloanOptima Eaf-150 Firmware Version-
   SloanOptima Eaf-150 Version-
SloanOptima Eaf-200 Firmware Version-
   SloanOptima Eaf-200 Version-
SloanOptima Eaf-225 Firmware Version-
   SloanOptima Eaf-225 Version-
SloanOptima Eaf-250 Firmware Version-
   SloanOptima Eaf-250 Version-
SloanOptima Eaf-275 Firmware Version-
   SloanOptima Eaf-275 Version-
SloanOptima Eaf-350 Firmware Version-
   SloanOptima Eaf-350 Version-
SloanOptima Eaf-700 Firmware Version-
   SloanOptima Eaf-700 Version-
SloanOptima Eaf-750 Firmware Version-
   SloanOptima Eaf-750 Version-
SloanOptima Ebf-187 Firmware Version-
   SloanOptima Ebf-187 Version-
SloanOptima Ebf-415 Firmware Version-
   SloanOptima Ebf-415 Version-
SloanOptima Ebf-425 Firmware Version-
   SloanOptima Ebf-425 Version-
SloanOptima Ebf-550 Firmware Version-
   SloanOptima Ebf-550 Version-
SloanOptima Ebf-615 Firmware Version-
   SloanOptima Ebf-615 Version-
SloanOptima Ebf-650 Firmware Version-
   SloanOptima Ebf-650 Version-
SloanOptima Ebf-665 Firmware Version-
   SloanOptima Ebf-665 Version-
SloanOptima Ebf-750 Firmware Version-
   SloanOptima Ebf-750 Version-
SloanOptima Ebf-775 Firmware Version-
   SloanOptima Ebf-775 Version-
SloanOptima Ebf-85 Firmware Version-
   SloanOptima Ebf-85 Version-
SloanOptima Ebf-850 Firmware Version-
   SloanOptima Ebf-850 Version-
SloanOptima Etf-610 Firmware Version-
   SloanOptima Etf-610 Version-
SloanOptima Etf-600 Firmware Version-
   SloanOptima Etf-600 Version-
SloanOptima Etf-410 Firmware Version-
   SloanOptima Etf-410 Version-
SloanOptima Etf-420 Firmware Version-
   SloanOptima Etf-420 Version-
SloanOptima Etf-500 Firmware Version-
   SloanOptima Etf-500 Version-
SloanOptima Etf-660 Firmware Version-
   SloanOptima Etf-660 Version-
SloanOptima Etf-700 Firmware Version-
   SloanOptima Etf-700 Version-
SloanOptima Etf-770 Firmware Version-
   SloanOptima Etf-770 Version-
SloanOptima Etf-80 Firmware Version-
   SloanOptima Etf-80 Version-
SloanOptima Etf-800 Firmware Version-
   SloanOptima Etf-800 Version-
SloanOptima Etf-880 Firmware Version-
   SloanOptima Etf-880 Version-
SloanBasys Efx-300 Firmware Version-
   SloanBasys Efx-300 Version-
SloanBasys Efx-350 Firmware Version-
   SloanBasys Efx-350 Version-
SloanBasys Efx-375 Firmware Version-
   SloanBasys Efx-375 Version-
SloanBasys Efx-377 Firmware Version-
   SloanBasys Efx-377 Version-
SloanBasys Efx-380 Firmware Version-
   SloanBasys Efx-380 Version-
SloanBasys Efx-600 Firmware Version-
   SloanBasys Efx-600 Version-
SloanBasys Efx-650 Firmware Version-
   SloanBasys Efx-650 Version-
SloanBasys Efx-675 Firmware Version-
   SloanBasys Efx-675 Version-
SloanBasys Efx-677 Firmware Version-
   SloanBasys Efx-677 Version-
SloanBasys Efx-680 Firmware Version-
   SloanBasys Efx-680 Version-
SloanBasys Efx-200 Firmware Version-
   SloanBasys Efx-200 Version-
SloanBasys Efx-250 Firmware Version-
   SloanBasys Efx-250 Version-
SloanBasys Efx-275 Firmware Version-
   SloanBasys Efx-275 Version-
SloanBasys Efx-277 Firmware Version-
   SloanBasys Efx-277 Version-
SloanBasys Efx-280 Firmware Version-
   SloanBasys Efx-280 Version-
SloanBasys Efx-100 Firmware Version-
   SloanBasys Efx-100 Version-
SloanBasys Efx-150 Firmware Version-
   SloanBasys Efx-150 Version-
SloanBasys Efx-175 Firmware Version-
   SloanBasys Efx-175 Version-
SloanBasys Efx-177 Firmware Version-
   SloanBasys Efx-177 Version-
SloanBasys Efx-180 Firmware Version-
   SloanBasys Efx-180 Version-
SloanBasys Efx-800 Firmware Version-
   SloanBasys Efx-800 Version-
SloanBasys Efx-850 Firmware Version-
   SloanBasys Efx-850 Version-
SloanSolis 8111 Firmware Version-
   SloanSolis 8111 Version-
SloanSolis 8186 Firmware Version-
   SloanSolis 8186 Version-
SloanSolis Ress-c Firmware Version-
   SloanSolis Ress-c Version-
SloanSolis Ress-u Firmware Version-
   SloanSolis Ress-u Version-
SloanSolis 8152 Firmware Version-
   SloanSolis 8152 Version-
SloanSolis 8195 Firmware Version-
   SloanSolis 8195 Version-
SloanSolis 8115 Firmware Version-
   SloanSolis 8115 Version-
SloanSolis 8110 Firmware Version-
   SloanSolis 8110 Version-
SloanSolis 8180 Firmware Version-
   SloanSolis 8180 Version-
SloanSolis 8113 Firmware Version-
   SloanSolis 8113 Version-
SloanSolis 8137 Firmware Version-
   SloanSolis 8137 Version-
SloanSolis Bpw 8000 Firmware Version-
   SloanSolis Bpw 8000 Version-
SloanSolis 8116 Firmware Version-
   SloanSolis 8116 Version-
SloanSolis 8111 Bt Firmware Version-
   SloanSolis 8111 Bt Version-
SloanSolis 8153 Firmware Version-
   SloanSolis 8153 Version-
SloanSolis 8186 Bt Firmware Version-
   SloanSolis 8186 Bt Version-
SloanSolis Ress-c Bt Firmware Version-
   SloanSolis Ress-c Bt Version-
SloanSolis Ress-u Bt Firmware Version-
   SloanSolis Ress-u Bt Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.226
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 4.8 6.5 4.9
AV:A/AC:L/Au:N/C:P/I:P/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.