CVE-2025-15474
Denial of Service via BLE Flooding in AuntyFey Lock Firmware
Publication date: 2026-01-07
Last updated on: 2026-01-07
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| auntyfey | smart_combination_lock | * |
| auntyfey | bluetooth_low_energy_smart_padlock | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AuntyFey Smart Combination Lock firmware versions as of 2025-12-24. It allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. These sustained connection attempts interrupt the keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device.
How can this vulnerability impact me?
The vulnerability can impact you by causing a denial of service on your AuntyFey Smart Combination Lock. An attacker can repeatedly initiate BLE connections to the device, which interrupts legitimate keypad authentication attempts and forces the lock into lockout states. This prevents authorized users from unlocking the device, potentially causing inconvenience or security risks if access is needed urgently.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for repeated Bluetooth Low Energy (BLE) connection attempts to the AuntyFey Smart Combination Lock within BLE range. Using a BLE-capable Linux system, you can scan for the lock's static BLE MAC address, which is broadcast after a physical button press. Detection can involve observing frequent connection attempts or interruptions in keypad authentication input. A proof-of-concept (PoC) script is available that repeatedly initiates unauthenticated BLE connections to the lock, which can be used to test or detect the vulnerability. The PoC requires Python 3.x and the Bleak Python library. Specific commands would include BLE scanning tools (e.g., `bluetoothctl` or `hcitool lescan`) to identify the lock's MAC address, and running the PoC script from the referenced repository to simulate connection flooding. [3]
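One way to turn "observing frequent connection attempts" into a check, as an added example that is not part of the advisory or the referenced repository: it groups BLE connection requests (`CONNECT_IND` PDUs) aimed at the lock into bursts and reports the sustained ones. The CSV layout, the addresses, the function name and both thresholds are assumptions, and the sample log is constructed.

```python
from datetime import datetime

# Constructed sample; the CSV layout (timestamp, PDU type, initiator, advertiser)
# is an assumption standing in for an export from a BLE sniffer capture.
LOCK_ADDR = "AA:BB:CC:DD:EE:01"  # placeholder, not a real lock address
SAMPLE_LOG = """\
2026-01-07T09:00:00,CONNECT_IND,11:22:33:44:55:66,AA:BB:CC:DD:EE:01
2026-01-07T09:05:00,CONNECT_IND,5A:00:00:00:00:01,AA:BB:CC:DD:EE:01
2026-01-07T09:05:02,CONNECT_IND,5A:00:00:00:00:01,AA:BB:CC:DD:EE:01
2026-01-07T09:05:03,ADV_IND,,AA:BB:CC:DD:EE:01
2026-01-07T09:05:04,CONNECT_IND,5A:00:00:00:00:02,AA:BB:CC:DD:EE:01
2026-01-07T09:05:05,CONNECT_IND,11:22:33:44:55:66,AA:BB:CC:DD:EE:02
2026-01-07T09:05:06,CONNECT_IND,5A:00:00:00:00:02,AA:BB:CC:DD:EE:01
2026-01-07T09:05:08,CONNECT_IND,5A:00:00:00:00:01,AA:BB:CC:DD:EE:01
not,a,valid row
2026-01-07T09:20:00,CONNECT_IND,11:22:33:44:55:66,AA:BB:CC:DD:EE:01
"""

def find_connection_floods(log_text, target, max_gap_s=3.0, min_attempts=5):
    """Return bursts of CONNECT_IND PDUs aimed at `target` (the lock).

    A burst is a run of requests whose successive gaps are <= max_gap_s. Events are
    keyed on the advertiser because initiator addresses may be random and change."""
    events = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or parts[1] != "CONNECT_IND":
            continue  # skip malformed rows and other PDU types
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        if parts[3].upper() == target.upper():
            events.append((ts, parts[2].upper()))
    events.sort()
    bursts, current = [], []
    for ev in events:
        if current and (ev[0] - current[-1][0]).total_seconds() > max_gap_s:
            bursts.append(current)  # gap too long: close the running burst
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    return [
        {"start": b[0][0], "end": b[-1][0], "attempts": len(b),
         "initiators": sorted({addr for _, addr in b})}
        for b in bursts if len(b) >= min_attempts
    ]
```

Isolated connections, such as the owner's phone at 09:00 and 09:20 in the sample, fall below `min_attempts` and are not reported; tune both thresholds against how often legitimate clients connect to the lock.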
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting physical access to the lock to prevent attackers from being within BLE range, as the attack requires adjacency. Since the supplier has not yet addressed the vulnerability, users should monitor for unusual lockout behavior and avoid exposing the lock in environments where unauthorized BLE connection attempts can be made. Additionally, disabling BLE functionality if possible or using physical security measures to prevent repeated connection attempts may help. Applying firmware updates when available from the supplier is recommended once a fix is released. [1]