Texas Instruments SimpleLink CC13XX CC26XX SDK Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK version 7.41.00.17. The issue arises during the authentication and connection phase, where attackers can send a crafted LL_Pause_Enc_Req packet, disrupting the normal process and causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing disruptions in the authentication and connection process.

Reproduction

To reproduce this vulnerability, send a crafted LL_Pause_Enc_Req packet during the authentication and connection phase. This can be done using a Bluetooth Low Energy (BLE) testing tool or script that allows for the manipulation of BLE packets. The targeted device should be running Texas Instruments SimpleLink CC13XX CC26XX SDK version 7.41.00.17.
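
A receive-side sanity check for the packet described above, as an added example that is not part of the advisory or of the TI SDK. The advisory does not say how the packet is crafted, so the two conditions tested are assumptions taken from the Bluetooth Core Specification (LL_PAUSE_ENC_REQ carries no CtrData, and the encryption pause procedure applies only to an already encrypted connection); the state names, functions and sample PDUs are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* LL control opcodes, as assigned in the Bluetooth Core Specification. */
enum { LL_ENC_REQ = 0x03, LL_START_ENC_RSP = 0x06, LL_PAUSE_ENC_REQ = 0x0A };
typedef enum { ST_PLAIN, ST_ENC_SETUP, ST_ENCRYPTED, ST_PAUSING } enc_state;
typedef enum { PDU_OK, PDU_MALFORMED, PDU_OUT_OF_STATE } verdict;
/* One control PDU received from the central: opcode byte followed by CtrData. */
typedef struct { const uint8_t *data; size_t len; } ctrl_pdu;

/* Hypothetical helper: validate one PDU against the peripheral's encryption state. */
verdict check_ctrl_pdu(enc_state *st, const ctrl_pdu *p)
{
    if (p->data == NULL || p->len < 1) return PDU_MALFORMED;
    switch (p->data[0]) {
    case LL_ENC_REQ:               /* opcode + 22 bytes of CtrData */
        if (p->len != 23) return PDU_MALFORMED;
        if (*st != ST_PLAIN && *st != ST_PAUSING) return PDU_OUT_OF_STATE;
        *st = ST_ENC_SETUP; return PDU_OK;
    case LL_START_ENC_RSP:         /* no CtrData; completes encryption start */
        if (p->len != 1) return PDU_MALFORMED;
        if (*st != ST_ENC_SETUP) return PDU_OUT_OF_STATE;
        *st = ST_ENCRYPTED; return PDU_OK;
    case LL_PAUSE_ENC_REQ:         /* no CtrData; assumed valid only once encrypted */
        if (p->len != 1) return PDU_MALFORMED;
        if (*st != ST_ENCRYPTED) return PDU_OUT_OF_STATE;
        *st = ST_PAUSING; return PDU_OK;
    default: return PDU_OK;        /* other opcodes are not checked in this sketch */
    }
}

/* Return the index of the first rejected PDU in a trace, or -1 if none. */
int first_anomaly(const ctrl_pdu *t, size_t n, verdict *why)
{
    enc_state st = ST_PLAIN;
    for (size_t i = 0; i < n; i++) {
        verdict v = check_ctrl_pdu(&st, &t[i]);
        if (v != PDU_OK) { *why = v; return (int)i; }
    }
    return -1;
}

/* Constructed sample PDUs (not captured traffic). */
static const uint8_t ENC_REQ[23] = { LL_ENC_REQ }, START_RSP[1] = { LL_START_ENC_RSP },
                     PAUSE_REQ[1] = { LL_PAUSE_ENC_REQ };
int main(void)
{
    ctrl_pdu early[] = { { PAUSE_REQ, sizeof PAUSE_REQ } };  /* pause before encryption */
    verdict why = PDU_OK;
    printf("index=%d verdict=%d\n", first_anomaly(early, 1, &why), (int)why);
    return 0;
}
```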

Added: Jun 23, 2025, 8:18 PM
Updated: Jun 23, 2025, 8:18 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.