Vulnerabilities > CVE-2021-28155 - Unspecified vulnerability in JBL Tune500Bt Firmware

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

low complexity

jbl

NVD

Published: 2021-09-07

Updated: 2021-09-09

Summary

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data.

Vulnerable Configurations

Part	Description	Count
OS	Jbl JBL Tune500Bt Firmware -	1
Hardware	Jbl JBL Tune500Bt -	1

References

https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
https://www.jbl.com.sg/over-ear-headphones/JBL+TUNE500BT.html