CVE-2020-26557

Removed by vendor...

CVE-2020-26557

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...

CVE-2020-26557

CVE-2020-26557 : Bluetooth Mesh Provisioning in Bluetooth Mesh profile 1.0/1.0.1 allows a nearby device, without the AuthValue, to brute-force or deduce the AuthValue used in provisioning if the AuthValue is not sufficiently random or is reused. This can enable an attacker to complete provisionin...

CVE-2020-26559

Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device participating in the provisioning protocol to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could...

CVE-2020-26559

CVE-2020-26559 (Bluetooth Mesh Provisioning) affects Bluetooth Mesh provisioning (Mesh profile 1.0/1.0.1). A nearby attacker participating in the provisioning protocol can identify the AuthValue and the provisioning device’s confirmation number and nonce, potentially enabling provisioning complet...

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure

Overview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description The Bluetooth Core Specification and Mesh Profile Specification are t...