VU#763183: Amp'ed RF BT-AP 111... Note

VU#763183: Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism

The Amp’ed RF BT-AP 111 Bluetooth Access Point has a critical security flaw. Its administrative interface is accessible via HTTP without any authentication. This vulnerability allows unauthenticated remote attackers to gain complete administrative control. The BT-AP 111 acts as a Bluetooth-to-Ethernet bridge and access point. It supports UPnP and up to seven Bluetooth connections. The web interface lacks any login mechanism, enabling anyone on the network to view and change settings. Attackers can alter Bluetooth and network configurations, including security settings. This absence of authentication violates established security best practices for connected devices. The impact is full administrative control and modification of all device settings. No vendor response has been received regarding this vulnerability. Until a fix is available, affected devices should be isolated on networks inaccessible to untrusted users.