Mesh Profile

mesh_profile

Vendor: Bluetooth • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-26560 1Bluetooth 1Mesh Profile Nov 4, 2025 May 24, 2021 N/A· v4 8.1 HIGH· v3 4.8 MEDIUM· v2 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue,...Show more Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.Show less
CVE-2020-26559 1Bluetooth 1Mesh Profile Nov 4, 2025 May 24, 2021 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the c...Show more Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.Show less
CVE-2020-26557 1Bluetooth 1Mesh Profile Nov 4, 2025 May 24, 2021 N/A· v4 7.5 HIGH· v3 2.9 LOW· v2 Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless...Show more Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).Show less
CVE-2020-26556 1Bluetooth 2Bluetooth Core Specification Mesh Profile Nov 21, 2024 May 24, 2021 N/A· v4 7.5 HIGH· v3 2.9 LOW· v2 Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out,...Show more Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment.Show less