Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause a Denial of Service (DoS) via supplying crafted RFCOMM frames.
Articles & Coverage 1
AnalysisAI
Denial of service in Parani M10 Motorcycle Intercom v2.1.3 via crafted Bluetooth RFCOMM frames allows unauthenticated attackers within wireless range to crash the device. The vulnerability exploits a buffer overflow in the RFCOMM service handler, causing high availability impact. A proof-of-concept exists but active exploitation has not been confirmed; EPSS score of 0.02% suggests limited real-world exploitation pressure despite the accessible attack vector.
Technical ContextAI
The Bluetooth RFCOMM (Radio Frequency Communication) protocol is a serial port emulation service layered atop the Bluetooth L2CAP protocol, commonly used in hands-free audio devices and intercoms for command and control channels. The Parani M10 implements RFCOMM to handle wireless communication between multiple intercom units. The vulnerability stems from CWE-120 (Buffer Copy without Checking Size of Input-'classic' buffer overflow), indicating that the RFCOMM frame parser does not properly validate the length of incoming frames before copying them into a fixed-size buffer. Malformed RFCOMM frames with oversized payloads trigger memory corruption, leading to device crash. The attack requires no authentication (CVSS PR:N) and no user interaction (UI:N), making exploitation straightforward for any attacker within Bluetooth range (AV:A-adjacent network).
RemediationAI
Contact Parani/Amoebatech for a patched firmware version; the CVE description and available references do not specify an exact fixed version number, preventing a definitive upgrade path from this analysis. Until a patch is available, mitigation relies on operational controls: disable or restrict Bluetooth RFCOMM services if not required for core intercom function (trade-off: loss of remote command capability or pairing flexibility), disable Bluetooth entirely in low-threat environments (trade-off: intercom becomes wired-only), or maintain physical isolation of intercom units from untrusted Bluetooth environments (trade-off: reduced mobility and multi-unit coordination). For motorcycle riders, recommend avoiding public or crowded venues where rogue Bluetooth attackers could operate. Monitor Amoebatech security advisories and VulDB/NVD for patch availability; subscribe to vendor security notifications if available. If a patched firmware version is released, apply it immediately via over-the-air update (if supported) or device firmware flash.
Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali
Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST
Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al
In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o
Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when
Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_
Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc
Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s
An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge
An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S
Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22071