Cybersecurity specialists report the detection of multiple vulnerabilities in the JBL TUNE500BT Bluetooth headset, one of the most popular models produced by the technology firm Harman International Industries. According to the report, the successful exploitation of the reported flaws allows threat actors to deploy all kinds of dangerous cyberattacks.
Below are brief reports of the detected flaws in addition to their respective tracking keys and scores assigned by the Common Vulnerability Scoring System (CVSS).
CVE-2021-28139: The Bluetooth Classic implementation does not adequately restrict the Features page upon receiving an LMP Feature Response Extended packet, which would allow remote attackers within Bluetooth signal range to use an extended function bits field payload against the affected user.
This vulnerability received a CVSS score of 8.1/10 and its successful exploitation would allow remote hackers to execute arbitrary code on the target system.
CVE-2021-28136: The Bluetooth Classic implementation does not adequately handle the reception of packets LMP_IO_Capability_req during the pairing process. Remote threat actors within range of the device could send specially crafted LMP packets to generate memory corruption and deploy denial-of-service (DoS) attacks on the affected system.
This flaw received a CVSS score of 6/10, cybersecurity experts note.
CVE-2021-28135: The Bluetooth Classic implementation does not adequately handle the reception of unsolicited continuous LMP responses, which would allow threat actors to send LMP functions response data and deploy DoS attacks.
This is a medium-severity vulnerability and received a CVSS score of 6/10.
CVE-2021-28155: Bluetooth Classic does not properly handle the reception of unsolicited LMP responses, so remote threat actors could send LMP function response data, triggering a DoS attack.
The flaw received a CVSS score of 6/10.
CVE-2021-31717: Because Bluetooth Classic does not properly handle the reception of unsolicited continuous LMP responses, remote threat actors could send LMP function response data and deploy DoS attacks against the affected system.
This flaw received a CVSS score of 6/10.
As mentioned above, these flaws can be exploited by unauthenticated remote threat actors over the local network (LAN). Still, cybersecurity experts have not detected exploitation attempts in real scenarios.
Due to the nature of the affected products it will be difficult for the manufacturer to release updates that address these issues, although users of these Bluetooth headphones are advised to stay on top of any updates. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
