The device, which serves as a Bluetooth-to-Ethernet bridge supporting both access point and gateway functionality, lacks fundamental authentication controls on its web-based management system.
The vulnerability, designated as CVE-2025-9994, allows remote attackers with network access to gain complete administrative control over the device without requiring any credentials.
This flaw affects the device’s HTTP-based administrative interface, which manages critical functions including Bluetooth configurations, network parameters, and security settings.
The BT-AP 111 supports Universal Plug and Play (UPnP) on the Ethernet side and can handle up to seven simultaneous Bluetooth connections through its UART Serial interface.
Carnegie Mellon University analysts identified this vulnerability through CERT Coordination Center research, highlighting the device’s failure to implement baseline security controls.
The researchers noted that this configuration violates established NIST security guidelines, particularly SP 800-121 Rev. 2, which mandates authentication for Bluetooth devices at Service Level 2 or higher.
The vulnerability stems from a complete absence of authentication mechanisms in the device’s web interface architecture.
Unlike typical network devices that implement login screens or certificate-based authentication, the BT-AP 111 directly exposes its administrative panel to any user accessing its HTTP port.
This design flaw allows attackers to modify device configurations, alter Bluetooth pairing settings, and potentially intercept or manipulate data flowing through the bridge.
The exploitation vector requires only network connectivity to the target device, making it accessible to both local network attackers and, in misconfigured environments, remote threats.
Given the vendor’s lack of response to disclosure efforts, security professionals recommend isolating affected devices on segregated network segments inaccessible to untrusted users until proper authentication controls can be implemented.
Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.
The post Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Let Attackers Gain Full Admin Access appeared first on Cyber Security News.
Looking to expand your home gym on the cheap? For this week only, one of…
The Dungeon Crawler Carl books are having a moment right now. Matt Dinniman's popular LitRPG…
Air Bud is dead. Long live Air Bud! The first footage from Air Bud Returns…
Bluetti is well known for its high quality yet affordable power stations and solar generators.…
INDIANAPOLIS, Ind. (WOWO) — The Indianapolis Metropolitan Police Department made multiple arrests and seized an…
EVANSVILLE, Ind. (WOWO) — The Evansville City Council on Monday passed a resolution by a…
This website uses cookies.