Amp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Lets Attackers Gain Full Admin Access

A critical security vulnerability has been discovered in the Amp’ed RF BT-AP 111 Bluetooth Access Point, exposing organizations to significant security risks through an unauthenticated administrative interface.

The device, which serves as a Bluetooth-to-Ethernet bridge supporting both access point and gateway functionality, lacks fundamental authentication controls on its web-based management system.

The vulnerability, designated as CVE-2025-9994, allows remote attackers with network access to gain complete administrative control over the device without requiring any credentials.

This flaw affects the device’s HTTP-based administrative interface, which manages critical functions including Bluetooth configurations, network parameters, and security settings.

The BT-AP 111 supports Universal Plug and Play (UPnP) on the Ethernet side and can handle up to seven simultaneous Bluetooth connections through its UART Serial interface.

Carnegie Mellon University analysts identified this vulnerability through CERT Coordination Center research, highlighting the device’s failure to implement baseline security controls.

The researchers noted that this configuration violates established NIST security guidelines, particularly SP 800-121 Rev. 2, which mandates authentication for Bluetooth devices at Service Level 2 or higher.

Authentication Bypass Mechanism

The vulnerability stems from a complete absence of authentication mechanisms in the device’s web interface architecture.

Unlike typical network devices that implement login screens or certificate-based authentication, the BT-AP 111 directly exposes its administrative panel to any user accessing its HTTP port.

This design flaw allows attackers to modify device configurations, alter Bluetooth pairing settings, and potentially intercept or manipulate data flowing through the bridge.

The exploitation vector requires only network connectivity to the target device, making it accessible to both local network attackers and, in misconfigured environments, remote threats.

Given the vendor’s lack of response to disclosure efforts, security professionals recommend isolating affected devices on segregated network segments inaccessible to untrusted users until proper authentication controls can be implemented.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.