Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-28136

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-07 Sep, 2021 | 05:52
Updated At-03 Aug, 2024 | 21:33
Rejected At-
Credits

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:07 Sep, 2021 | 05:52
Updated At:03 Aug, 2024 | 21:33
Rejected At:
▼CVE Numbering Authority (CNA)

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/espressif/esp-idf
x_refsource_MISC
https://github.com/espressif/esp32-bt-lib
x_refsource_MISC
https://www.espressif.com/en/products/socs/esp32
x_refsource_MISC
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp-idf
Resource:
x_refsource_MISC
Hyperlink: https://github.com/espressif/esp32-bt-lib
Resource:
x_refsource_MISC
Hyperlink: https://www.espressif.com/en/products/socs/esp32
Resource:
x_refsource_MISC
Hyperlink: https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/espressif/esp-idf
x_refsource_MISC
x_transferred
https://github.com/espressif/esp32-bt-lib
x_refsource_MISC
x_transferred
https://www.espressif.com/en/products/socs/esp32
x_refsource_MISC
x_transferred
https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/espressif/esp-idf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/espressif/esp32-bt-lib
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.espressif.com/en/products/socs/esp32
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:07 Sep, 2021 | 06:15
Updated At:09 Sep, 2021 | 23:32

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
espressif
espressif
>>esp32>>-
cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*
espressif
espressif
>>esp-idf>>Versions up to 4.4(inclusive)
cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://dl.packetstormsecurity.net/papers/general/braktooth.pdfcve@mitre.org
Technical Description
Third Party Advisory
https://github.com/espressif/esp-idfcve@mitre.org
Product
Third Party Advisory
https://github.com/espressif/esp32-bt-libcve@mitre.org
Product
Third Party Advisory
https://www.espressif.com/en/products/socs/esp32cve@mitre.org
Product
Vendor Advisory
Hyperlink: https://dl.packetstormsecurity.net/papers/general/braktooth.pdf
Source: cve@mitre.org
Resource:
Technical Description
Third Party Advisory
Hyperlink: https://github.com/espressif/esp-idf
Source: cve@mitre.org
Resource:
Product
Third Party Advisory
Hyperlink: https://github.com/espressif/esp32-bt-lib
Source: cve@mitre.org
Resource:
Product
Third Party Advisory
Hyperlink: https://www.espressif.com/en/products/socs/esp32
Source: cve@mitre.org
Resource:
Product
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2024-6137
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-7.6||HIGH
EPSS-0.15% / 36.24%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 20:06
Updated-17 Sep, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Classic: SDP OOB access in get_att_search_list

BT: Classic: SDP OOB access in get_att_search_list

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-5931
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.3||MEDIUM
EPSS-0.12% / 30.58%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 19:41
Updated-17 Sep, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Unchecked user input in bap_broadcast_assistant

BT: Unchecked user input in bap_broadcast_assistant

Action-Not Available
Vendor-Zephyr Project
Product-zephyrZephyrzephyr
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 62.99%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-20 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh451_firmwarefh451n/afh451_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.65%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 00:00
Updated-20 Sep, 2024 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh451_firmwarefh451n/afh451_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-44387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.86%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 00:00
Updated-13 Dec, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the functino formWrlExtraGet.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206_firmwarefh1206n/afh1206_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42985
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206_firmwarefh1206n/afh1206_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42955
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.29%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1201_firmwarefh1201n/afh1201_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.75%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 00:00
Updated-16 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206_firmwarefh1206n/afh1206_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found