Skip to main content

Meatmeet Pro Thermometer CVE-2025-65828

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2025-12-10 cve@mitre.org
6.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

BLE proximity mandates AV:A; no auth required (PR:N); only availability disrupted with no confidentiality or integrity impact.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:20 vuln.today

DescriptionCVE.org

An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from its user and would require re-configuration to re-enable the device. As a result, the end user would be unable to receive updates from the Meatmeet base station which communicates with the cloud services until the device had been fixed or turned back on.

AnalysisAI

Unauthenticated Bluetooth Low Energy (BLE) command execution against the Meatmeet Pro WiFi & Bluetooth Meat Thermometer firmware 1.0.34.4 allows any proximity attacker to issue shutdown, restart, or factory-reset commands without credentials, resulting in a denial of service. The clear-config command is particularly disruptive: it dissociates the device from its owner account, severing the connection to the Meatmeet cloud backend and requiring full device re-provisioning before temperature data can be received again. A public proof-of-concept is available via a GitHub gist, though EPSS sits at 0.27% (19th percentile), reflecting the niche consumer IoT footprint rather than low technical reproducibility.

Technical ContextAI

The affected component is the Meatmeet Pro WiFi & Bluetooth Meat Thermometer firmware at version 1.0.34.4 (CPE: cpe:2.3:o:meatmeet:meatmeet_pro_wifi_&_bluetooth_meat_thermometer_firmware:1.0.34.4). The device exposes a Bluetooth Low Energy (BLE) interface that accepts operational commands - including shutdown, restart, and clear config - without requiring any pairing PIN, bonding, or authentication handshake. CWE-306 (Missing Authentication for Critical Function) precisely captures the root cause: critical device-management functions are reachable over the BLE radio interface with no access control layer. BLE's default open-scanning model means any device within radio range can discover and interact with the thermometer's GATT service without prior pairing.

RemediationAI

No vendor-released patch has been identified at time of analysis. There is no publicly available vendor advisory or fixed firmware version in the referenced sources. As a compensating control, users should store the thermometer in a physically controlled environment to limit BLE adjacency exposure - BLE range is typically 10-100 meters, so indoor use in a home or restaurant reduces but does not eliminate proximity attack surface. Disabling BLE discovery when active pairing is not in progress (if the firmware supports such a mode) would reduce the attack window; however, it is not confirmed whether firmware 1.0.34.4 supports this. Users affected by a clear-config attack must re-pair and re-configure the device through the companion app to restore cloud connectivity. Users should monitor the Meatmeet product page and firmware update channels for a patched release that enforces BLE authentication or pairing requirements before accepting management commands.

Share

CVE-2025-65828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy