Advisory Details

April 23rd, 2025

(0Day) Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability

ZDI-25-251
ZDI-CAN-23942

CVE ID CVE-2025-3885
CVSS SCORE 5.3, AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
AFFECTED VENDORS Harman Becker
AFFECTED PRODUCTS MGU21
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
ADDITIONAL DETAILS

06/12/24 – ZDI reported the vulnerability to the vendor
06/13/24 – the vendor acknowledged the receipt of the report
09/30/24 - ZDI asked for updates
10/01/24 – The vendor communicated that the reported behaviour will not be fixed by a third party
10/02/24 – ZDI informed the vendor of the intention to publish the case as a zero-day advisory
DISCLOSURE TIMELINE
  • 2024-06-12 - Vulnerability reported to vendor
  • 2025-04-23 - Coordinated public release of advisory
  • 2025-04-23 - Advisory Updated
CREDIT Aaron Luo, Gloria Chen, Omar Yang, Spencer Hsieh, and Vit Sembera of VicOne
BACK TO ADVISORIES