CVE-2024-34268
Received Received - Intake

Unsecured Bluetooth Access in Eqiva CC-RT-BLE Thermostat

Vulnerability report for CVE-2024-34268, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: MITRE

Description

EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to the latest version 1.46 was discovered to allow unsecured bluetooth connections. This vulnerability allows attackers to gain full access to the device without authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
eq-3 eqiva_cc-rt-ble to 1.46 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat. It allows unsecured Bluetooth connections, enabling attackers to gain full access to the device without authentication.

Detection Guidance

This vulnerability involves unsecured Bluetooth connections on the EQ-3 Eqiva CC-RT-BLE device. To detect it, scan for nearby Bluetooth devices using tools like hcitool or bluetoothctl. Check if the device allows unauthenticated connections by attempting to pair without credentials. Monitor network traffic for unencrypted Bluetooth communication.

Impact Analysis

Attackers could exploit this to control the thermostat remotely, potentially leading to unauthorized heating adjustments, energy waste, or unsafe temperature settings in your home.

Compliance Impact

This vulnerability allows unauthorized access to a Bluetooth-enabled device, potentially exposing sensitive data or enabling control of connected systems. For GDPR, it could lead to unauthorized data access or processing, violating confidentiality and integrity principles. For HIPAA, it may compromise protected health information if the device interacts with healthcare systems. Unsecured Bluetooth connections increase the risk of data breaches, which could result in non-compliance with these regulations.

Mitigation Strategies

Disable Bluetooth connectivity on the device if not required. Ensure the device firmware is updated to the latest version if a patch is available. Restrict physical access to the device to prevent unauthorized Bluetooth pairing.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-34268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart