Vulnerabilities > Bluetooth > Low

DATE CVE VULNERABILITY TITLE RISK
2021-06-25 CVE-2021-31615 Race Condition vulnerability in Bluetooth Core Specification
Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening device before the transmitting device initiates its packet transmission to achieve full MITM status without terminating the link.
2.9
2021-05-24 CVE-2020-26557 Improper Authentication vulnerability in Bluetooth Mesh Profile 1.0.0/1.0.1
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).
2.9
2021-05-24 CVE-2020-26556 Improper Restriction of Excessive Authentication Attempts vulnerability in Bluetooth Core Specification and Mesh Profile
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.
2.9