Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for AB156x, AB157x, AB158x, AB159x series by Airoha Technology Corp.

    CVE-2025-20701 (GCVE-0-2025-20701)

    Vulnerability from nvd – Published: 2025-08-04 06:20 – Updated: 2026-06-21 07:37
    VLAI
    Summary
    In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Airoha Technology Corp. AB156x, AB157x, AB158x, AB159x series Affected: Airoha IoT SDK for BT audio v5.5.0 and earlier
    Affected: Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-05T03:56:10.880579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:04.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-21T07:37:20.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Jun/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AB156x, AB157x, AB158x, AB159x series",
              "vendor": "Airoha Technology Corp.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Airoha IoT SDK for BT audio v5.5.0 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T06:20:32.057Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://www.airoha.com/product-security-bulletin/2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20701",
        "datePublished": "2025-08-04T06:20:32.057Z",
        "dateReserved": "2024-11-01T01:21:50.382Z",
        "dateUpdated": "2026-06-21T07:37:20.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20701 (GCVE-0-2025-20701)

    Vulnerability from cvelistv5 – Published: 2025-08-04 06:20 – Updated: 2026-06-21 07:37
    VLAI
    Summary
    In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    Airoha Technology Corp. AB156x, AB157x, AB158x, AB159x series Affected: Airoha IoT SDK for BT audio v5.5.0 and earlier
    Affected: Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20701",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-05T03:56:10.880579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:04.636Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-21T07:37:20.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2026/Jun/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AB156x, AB157x, AB158x, AB159x series",
              "vendor": "Airoha Technology Corp.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Airoha IoT SDK for BT audio v5.5.0 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Airoha AB1561x/AB1562x/AB1563x SDK v3.3.1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-04T06:20:32.057Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://www.airoha.com/product-security-bulletin/2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20701",
        "datePublished": "2025-08-04T06:20:32.057Z",
        "dateReserved": "2024-11-01T01:21:50.382Z",
        "dateUpdated": "2026-06-21T07:37:20.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }