6.5
CVE-2021-31786
- EPSS 0.1%
- Veröffentlicht 07.09.2021 07:15:07
- Zuletzt bearbeitet 21.11.2024 06:06:13
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by connecting with a forged BDAddress that matches the original connected host.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Actions-semi ≫ Ats2819p Firmware Version-
Actions-semi ≫ Ats2815 Firmware Version-
Actions-semi ≫ Ats2819 Firmware Version-
Actions-semi ≫ Ats2819s Firmware Version-
Actions-semi ≫ Ats2819t Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.254 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 6.1 | 6.5 | 6.9 |
AV:A/AC:L/Au:N/C:N/I:N/A:C
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.