7 zero-day vulnerabilities in Xiaomi MDZ-36-DB Bluetooth speakers

Security researchers have reported 7 vulnerabilities in the Xiaomi MDZ-36-DB Bluetooth speaker. All of them sit in the device's handling of Bluetooth Classic link-layer traffic (mostly Link Manager Protocol, LMP, packets) and are triggered over the air, so the attacker must be within Bluetooth radio range of the speaker. According to the report, one flaw allows full compromise of the device and the other six crash or hang it (denial of service).

Below are brief descriptions of each flaw together with its CVE identifier and the score assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2021-28139: The Bluetooth Classic implementation does not restrict the feature page index when it receives an LMP Feature Response Extended (LMP_features_res_ext) packet, so a remote attacker can send a crafted extended-features bit-field payload with an out-of-range page index and write outside the buffer that stores the remote device's feature pages.

The flaw received a CVSS score of 8.1/10; successful exploitation can lead to full compromise of the affected device.
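The following is an added example written for this article, not code from Xiaomi or the chipset vendor. It models the bug class behind CVE-2021-28139: an LMP_features_res_ext handler that trusts the peer-supplied feature page index, placed next to a handler that bounds-checks it. The memory layout (stored feature pages immediately followed by the link key), the field names and the sizes are assumptions chosen for the demo.

```c
/*
 * Added example, not the vendor's firmware: an LMP_features_res_ext handler
 * that uses the peer-supplied feature page index unchecked (out-of-bounds
 * write) beside a handler that rejects page indices it has no storage for.
 * The layout, names and sizes below are assumptions made for this demo.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FEATURE_PAGES 3   /* Bluetooth Core spec defines extended feature pages 0, 1 and 2 */
#define FEATURE_PAGE_LEN  8   /* each feature page is a 64-bit bit field */
#define LINK_KEY_LEN      16
#define PAGE_INDEX_VALUES 256 /* a uint8_t page index can take 256 values */

/*
 * Modelled per-link memory as one flat buffer: the stored remote feature pages
 * start at offset 0 and the link key sits right after them (assumption). The
 * buffer is large enough that every possible uint8_t page index lands inside
 * it, which keeps the demo free of undefined behaviour while still showing
 * which bytes the unchecked write overwrites.
 */
typedef struct {
    uint8_t mem[PAGE_INDEX_VALUES * FEATURE_PAGE_LEN];
} link_state_t;

#define FEATURE_PAGE_PTR(link, page) ((link)->mem + (size_t)(page) * FEATURE_PAGE_LEN)
#define LINK_KEY_PTR(link)           ((link)->mem + MAX_FEATURE_PAGES * FEATURE_PAGE_LEN)

/* Body of LMP_features_res_ext: features page, max supported page, 8 feature bytes. */
typedef struct {
    uint8_t features_page;        /* chosen by the remote peer */
    uint8_t max_supported_page;   /* also chosen by the remote peer */
    uint8_t extended_features[FEATURE_PAGE_LEN];
} lmp_features_res_ext_t;

/* Vulnerable handler: uses the peer-supplied page index without checking it.
 * A peer that sends features_page = 3 writes its 8 bytes over the link key. */
int handle_features_res_ext_vulnerable(link_state_t *link, const lmp_features_res_ext_t *pdu)
{
    memcpy(FEATURE_PAGE_PTR(link, pdu->features_page), pdu->extended_features, FEATURE_PAGE_LEN);
    return 1;
}

/* Hardened handler: drops any PDU whose page fields exceed the storage the
 * controller actually has. Returns 1 if accepted and stored, 0 if dropped. */
int handle_features_res_ext_hardened(link_state_t *link, const lmp_features_res_ext_t *pdu)
{
    if (pdu->features_page >= MAX_FEATURE_PAGES)
        return 0;  /* protocol violation from the peer: drop, touch no memory */
    if (pdu->max_supported_page >= MAX_FEATURE_PAGES)
        return 0;  /* a follow-up page request loop would index by this value too */
    memcpy(FEATURE_PAGE_PTR(link, pdu->features_page), pdu->extended_features, FEATURE_PAGE_LEN);
    return 1;
}

/* Runs one handler on a fresh link whose key is filled with 0xAA, feeding it a
 * constructed PDU of attacker-chosen 0x41 bytes for `page`. Returns 1 if the
 * link key was modified by the write, 0 if it survived intact. */
int link_key_clobbered(uint8_t page, int hardened)
{
    link_state_t link;
    lmp_features_res_ext_t pdu;
    uint8_t expected_key[LINK_KEY_LEN];

    memset(&link, 0, sizeof link);
    memset(LINK_KEY_PTR(&link), 0xAA, LINK_KEY_LEN);
    memset(expected_key, 0xAA, LINK_KEY_LEN);

    pdu.features_page = page;
    pdu.max_supported_page = MAX_FEATURE_PAGES - 1;
    memset(pdu.extended_features, 0x41, FEATURE_PAGE_LEN);   /* constructed attacker payload */

    if (hardened)
        handle_features_res_ext_hardened(&link, &pdu);
    else
        handle_features_res_ext_vulnerable(&link, &pdu);

    return memcmp(LINK_KEY_PTR(&link), expected_key, LINK_KEY_LEN) != 0;
}

/* Returns 1 if the hardened handler accepts a response for `page`, 0 if it drops it. */
int hardened_accepts_page(uint8_t page)
{
    link_state_t link;
    lmp_features_res_ext_t pdu = { page, MAX_FEATURE_PAGES - 1, {0} };
    memset(&link, 0, sizeof link);
    return handle_features_res_ext_hardened(&link, &pdu);
}

int main(void)
{
    printf("vulnerable handler, page 3: link key clobbered = %d\n", link_key_clobbered(3, 0));
    printf("hardened handler,   page 3: link key clobbered = %d\n", link_key_clobbered(3, 1));
    printf("hardened handler accepts page 2: %d, page 3: %d, page 255: %d\n",
           hardened_accepts_page(2), hardened_accepts_page(3), hardened_accepts_page(255));
    return 0;
}
```

The point the example makes is that the page index arrives from the radio and is never sanitised before it becomes an array offset; with page 3 the write lands exactly on whatever the firmware stores after the feature pages, and larger indices reach further. Which bytes a real controller has there is not known from the report; the link key is only the demo's stand-in for "something security-relevant".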

CVE-2021-28136: The Bluetooth Classic implementation does not properly handle receiving multiple LMP_IO_Capability_req packets during the pairing process, so a remote attacker can send crafted LMP packets that corrupt memory and trigger a denial of service (DoS) condition.

This flaw received a CVSS score of 6/10.

CVE-2021-28135: The Bluetooth Classic implementation does not properly handle a continuous stream of unsolicited LMP responses; a remote attacker can flood the device with LMP feature response (LMP_features_res) packets that nobody requested and cause a DoS condition.

This is a medium-severity flaw and received a CVSS score of 6/10.

CVE-2021-28155: The same flaw class as CVE-2021-28135 (unsolicited, continuous LMP feature response flooding), tracked under a separate identifier: a remote attacker can send LMP feature response packets to cause a DoS condition.

This vulnerability received a CVSS score of 6/10.

CVE-2021-31717: Again the same flaw class, tracked separately: the Bluetooth Classic implementation does not properly handle the reception of unsolicited continuous LMP responses, so a remote attacker can cause a DoS condition.

This flaw received a CVSS score of 6/10.

CVE-2021-31785: The Bluetooth Classic implementation does not properly handle receiving multiple LMP_host_connection_req packets, so a remote attacker can send crafted packets to the device and trigger a DoS condition.

This is a medium-severity flaw and received a CVSS score of 6/10.

CVE-2021-31786: The Bluetooth Classic audio implementation may mishandle a connection attempt from a host whose Bluetooth Device Address (BD_ADDR) is the same as that of the currently connected host. A remote attacker can send crafted input to the affected device and trigger a DoS condition.

This vulnerability received a CVSS score of 6/10.
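The six DoS flaws above (CVE-2021-28136, CVE-2021-28135, CVE-2021-28155, CVE-2021-31717, CVE-2021-31785 and CVE-2021-31786) share one root cause: the link layer acts on a packet without first checking whether the link state makes that packet legitimate. The following is an added example written for this article, not vendor code, showing a minimal LMP receive path that keeps per-link state and discards exactly those packets: feature responses nobody asked for, a second LMP_IO_Capability_req while the first is in flight, a second LMP_host_connection_req while one is pending, and a connection attempt from the BD_ADDR of the host that is already connected. The opcode set, the state fields and the events are simplifications chosen for the demo.

```c
/*
 * Added example, not the vendor's firmware: per-link state tracking on the
 * LMP receive path. Each PDU is checked against the link state before it is
 * allowed to change anything. Opcodes, state fields and events are simplified.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BD_ADDR_LEN 6

typedef enum {
    LMP_FEATURES_RES,         /* reply to an LMP_features_req we sent */
    LMP_IO_CAPABILITY_REQ,    /* peer starts the Secure Simple Pairing IO capability exchange */
    LMP_HOST_CONNECTION_REQ   /* peer asks the host to accept a connection over the link */
} lmp_opcode_t;

typedef struct {
    lmp_opcode_t opcode;
    uint8_t bd_addr[BD_ADDR_LEN];  /* address of the sending peer */
} lmp_pdu_t;

typedef struct {
    int      connected;                /* host connection established */
    uint8_t  peer_addr[BD_ADDR_LEN];   /* BD_ADDR of the connected host */
    int      host_conn_pending;        /* one LMP_host_connection_req awaits the host's answer */
    int      features_req_outstanding; /* we sent LMP_features_req and expect exactly one response */
    int      iocap_req_seen;           /* pairing accepts exactly one IO capability request */
    unsigned dropped;                  /* protocol violations discarded, for telemetry */
} link_t;

void link_init(link_t *l) { memset(l, 0, sizeof *l); }

/* Local side sends LMP_features_req; exactly one response is now expected. */
void lmp_send_features_req(link_t *l) { l->features_req_outstanding = 1; }

/* Receive path. Returns 1 if the PDU was accepted, 0 if discarded. */
int lmp_receive(link_t *l, const lmp_pdu_t *p)
{
    switch (p->opcode) {
    case LMP_FEATURES_RES:
        if (!l->features_req_outstanding) break;  /* unsolicited: do not parse, do not reply */
        l->features_req_outstanding = 0;           /* one response per request, then the gate closes */
        return 1;
    case LMP_HOST_CONNECTION_REQ:
        if (l->connected || l->host_conn_pending) break;  /* second request while one is live */
        l->host_conn_pending = 1;
        memcpy(l->peer_addr, p->bd_addr, BD_ADDR_LEN);
        return 1;
    case LMP_IO_CAPABILITY_REQ:
        if (l->iocap_req_seen) break;  /* duplicate while the first exchange is still in flight */
        l->iocap_req_seen = 1;
        return 1;
    default:
        break;
    }
    l->dropped++;
    return 0;
}

/* Host accepted the pending connection request: the link is now connected. */
void lmp_host_connection_complete(link_t *l)
{
    if (!l->host_conn_pending) return;
    l->host_conn_pending = 0;
    l->connected = 1;
}

/* Baseband-level connection attempt from `addr`. Returns 1 if accepted, 0 if refused.
 * A second link from the BD_ADDR that is already connected is refused rather than
 * allowed to replace the live link's state. */
int link_connection_attempt(link_t *l, const uint8_t addr[BD_ADDR_LEN])
{
    if (l->connected && memcmp(l->peer_addr, addr, BD_ADDR_LEN) == 0) {
        l->dropped++;
        return 0;
    }
    return 1;
}

/* Scenario: one legitimate features exchange, then `n` unsolicited responses.
 * Returns how many of the n were dropped. */
unsigned features_res_flood_dropped(unsigned n)
{
    link_t l;
    lmp_pdu_t res = { LMP_FEATURES_RES, {0} };
    unsigned before, i;
    link_init(&l);
    lmp_send_features_req(&l);
    lmp_receive(&l, &res);            /* the one expected response: accepted */
    before = l.dropped;
    for (i = 0; i < n; i++) lmp_receive(&l, &res);
    return l.dropped - before;
}

/* Scenario: peer sends LMP_IO_Capability_req twice. Returns 1 if the second was dropped. */
int duplicate_iocap_dropped(void)
{
    link_t l;
    lmp_pdu_t req = { LMP_IO_CAPABILITY_REQ, {0} };
    link_init(&l);
    return lmp_receive(&l, &req) == 1 && lmp_receive(&l, &req) == 0;
}

/* Scenario: two LMP_host_connection_req before the host answers. Returns 1 if the second was dropped. */
int duplicate_host_conn_dropped(void)
{
    link_t l;
    lmp_pdu_t req = { LMP_HOST_CONNECTION_REQ, {0} };
    link_init(&l);
    return lmp_receive(&l, &req) == 1 && lmp_receive(&l, &req) == 0;
}

/* Scenario: host A connects; then an attempt arrives from A's BD_ADDR while A is
 * still connected. Returns 1 if that attempt is refused and one from another address is not. */
int same_bdaddr_reconnect_refused(void)
{
    static const uint8_t a[BD_ADDR_LEN] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}; /* constructed */
    static const uint8_t b[BD_ADDR_LEN] = {0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB}; /* constructed */
    link_t l;
    lmp_pdu_t req = { LMP_HOST_CONNECTION_REQ, {0} };
    link_init(&l);
    memcpy(req.bd_addr, a, BD_ADDR_LEN);
    lmp_receive(&l, &req);
    lmp_host_connection_complete(&l);
    return link_connection_attempt(&l, a) == 0 && link_connection_attempt(&l, b) == 1;
}

int main(void)
{
    printf("unsolicited feature responses dropped: %u of 100\n", features_res_flood_dropped(100));
    printf("duplicate IO capability request dropped: %d\n", duplicate_iocap_dropped());
    printf("duplicate host connection request dropped: %d\n", duplicate_host_conn_dropped());
    printf("reconnect from connected BD_ADDR refused: %d\n", same_bdaddr_reconnect_refused());
    return 0;
}
```

The design choice worth copying is that every state flag is a gate that opens once and closes as soon as the expected packet arrives: a response with no outstanding request never reaches the parser, so a flood costs the device one comparison per packet instead of a re-run of the feature or pairing logic. The `dropped` counter is what a firmware would expose so that a flood is visible rather than silently absorbed.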

Because the affected product is an embedded consumer device, delivering a firmware fix for these flaws is difficult. At the time of the report, no active exploitation attempts had been detected.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.