VYPR
Vendor

Bluetooth SIG

Products
2
CVEs
13
Across products
13
Status
Private

Products

2

Recent CVEs

13
  • CVE-2021-37577MedOct 1, 2024
    risk 0.44cvss 6.8epss 0.00

    Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a…

  • CVE-2020-15802Sep 11, 2020
    risk 0.04cvss epss 0.07

    Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace…

  • CVE-2023-24023Nov 28, 2023
    risk 0.00cvss epss 0.01

    Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka…

  • CVE-2022-24695Jun 2, 2023
    risk 0.00cvss epss 0.00

    Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC…

  • CVE-2022-25837Dec 12, 2022
    risk 0.00cvss epss 0.00

    Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code…

  • CVE-2022-25836Dec 12, 2022
    risk 0.00cvss epss 0.00

    Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure…

  • CVE-2021-31615Jun 25, 2021
    risk 0.00cvss epss 0.00

    Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve…

  • CVE-2020-26555May 24, 2021
    risk 0.00cvss epss 0.01

    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

  • CVE-2020-26556May 24, 2021
    risk 0.00cvss epss 0.01

    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable…

  • CVE-2020-26557May 24, 2021
    risk 0.00cvss epss 0.01

    Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each…

  • CVE-2020-26558May 24, 2021
    risk 0.00cvss epss 0.01

    Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication…

  • CVE-2020-26559May 24, 2021
    risk 0.00cvss epss 0.01

    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning…

  • CVE-2020-26560May 24, 2021
    risk 0.00cvss epss 0.01

    Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.