Design/Logic Flaw

2021-09-0706:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.3%

JSON

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections are active, allowing attackers in radio range to prevent new BT connections (disabling the AB5301A inquiry and page scan procedures) via a crafted LMP packet. The user needs to manually perform a power cycle (restart) of the device to restore BT connectivity.

CPENameOperatorVersion
fw-ac63_bt_sdkle0.9.1

CPE	Name	Operator	Version
	fw-ac63_bt_sdk	le	0.9.1

References

dl.packetstormsecurity.net/papers/general/braktooth.pdf

github.com/Jieli-Tech/fw-AC63_BT_SDK

launchstudio.bluetooth.com/ListingDetails/91371