Yamaha SR-B30A Sound Bar Bluetooth Low Energy Control Vulnerability
Vulnerability
A vulnerability in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar, specifically in firmware 2.40, allows remote attackers within BLE range to connect without authentication using the Sound Bar Remote mobile application. Once connected, attackers can send control commands, adjust the volume, and maintain a persistent BLE connection, disrupting legitimate users' access to the device.
Impact
Exploitation of this vulnerability allows for unauthorized control of the sound bar, including volume adjustments and the ability to block legitimate users from connecting via Bluetooth.
Reproduction
To reproduce this vulnerability, an attacker within Bluetooth Low Energy range can scan for nearby devices and connect to the Yamaha SR-B30A sound bar without authentication. After establishing a connection, the attacker can send control commands to the device, such as changing the volume, and maintain the connection to prevent legitimate users from accessing the sound bar remotely.
