CVEs in Bluetooth Headphones and Earbuds
10 months ago
- #Vulnerability
- #Bluetooth
- #Security
- Vulnerabilities found in Bluetooth headphones and earbuds using Airoha SoCs.
- Attackers can compromise devices within Bluetooth range without authentication.
- Three CVEs identified: CVE-2025-20700, CVE-2025-20701, CVE-2025-20702.
- Affected devices include models from Beyerdynamic, Marshall, Sony, and others.
- Vulnerabilities allow RAM/Flash manipulation, eavesdropping, and impersonation.
- Airoha has released SDK updates; manufacturers are working on patches.
- High-value targets like journalists and diplomats are at higher risk.
- End-users need firmware updates; some vendors may not be aware that their products use Airoha SoCs.
- Disclosure timeline includes reporting to Airoha and vendors, with patches expected.