Japan Vulnerability NotesJVN:67447798JVN#67447798: Multiple SONY Wireless Headphones allow improper Bluetooth pairing
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
33.3%
Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing(CWE-306).
Impact
When using the product, someone within the Bluetooth range may make the Bluetooth pairing and operate such as changing volume of the product.
Solution
Update the Firmware
Update the firmware to the latest version according to the information privided by the developer.
The developer provides the firmware version 4.5.2 to fix this vulnerability.
Products Affected
The following products with firmware versions prior to 4.5.2 are affected.
- WF-1000X
- WF-SP700N
- WH-1000XM2
- WH-1000XM3
- WH-CH700N
- WH-H900N
- WH-XB700
- WH-XB900N
- WI-1000X
- WI-C600N
- WI-SP600N
Related
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
33.3%