A important safety vulnerability has been found within the Amp’ed RF BT-AP 111 Bluetooth Entry Level, exposing organizations to important safety dangers by way of an unauthenticated administrative interface.
The machine, which serves as a Bluetooth-to-Ethernet bridge supporting each entry level and gateway performance, lacks elementary authentication controls on its web-based administration system.
The vulnerability, designated as CVE-2025-9994, permits distant attackers with community entry to realize full administrative management over the machine with out requiring any credentials.
This flaw impacts the machine’s HTTP-based administrative interface, which manages important features together with Bluetooth configurations, community parameters, and safety settings.
The BT-AP 111 helps Common Plug and Play (UPnP) on the Ethernet facet and may deal with as much as seven simultaneous Bluetooth connections by way of its UART Serial interface.
Carnegie Mellon College analysts recognized this vulnerability by way of CERT Coordination Heart analysis, highlighting the machine’s failure to implement baseline safety controls.
The researchers famous that this configuration violates established NIST safety tips, significantly SP 800-121 Rev. 2, which mandates authentication for Bluetooth gadgets at Service Stage 2 or greater.
Authentication Bypass Mechanism
The vulnerability stems from a whole absence of authentication mechanisms within the machine’s net interface structure.
Not like typical community gadgets that implement login screens or certificate-based authentication, the BT-AP 111 straight exposes its administrative panel to any person accessing its HTTP port.
This design flaw permits attackers to change machine configurations, alter Bluetooth pairing settings, and doubtlessly intercept or manipulate knowledge flowing by way of the bridge.
The exploitation vector requires solely community connectivity to the goal machine, making it accessible to each native community attackers and, in misconfigured environments, distant threats.
Given the seller’s lack of response to disclosure efforts, safety professionals suggest isolating affected gadgets on segregated community segments inaccessible to untrusted customers till correct authentication controls could be carried out.
Increase your SOC and assist your workforce defend your small business with free top-notch menace intelligence: Request TI Lookup Premium Trial.
