CVE-2006-6899

BlueZ < 2.24 - Remote Control of HID Devices via Malicious PSM Endpoint Configuration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6899. PoCs published by Collin Mulliner.

AI-analyzed exploit summary The provided text describes a device command injection vulnerability in BlueZ hidd prior to version 2.25, allowing remote attackers to control HID devices like mice and keyboards. No actual exploit code is present, only a vulnerability description and reference link.

Description

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Collin Mulliner · textremotelinux

https://www.exploit-db.com/exploits/29471

View Code ZIP pw:eip

The provided text describes a device command injection vulnerability in BlueZ hidd prior to version 2.25, allowing remote attackers to control HID devices like mice and keyboards. No actual exploit code is present, only a vulnerability description and reference link.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: BlueZ hidd < 2.25

No auth needed

Prerequisites: Bluetooth connectivity to the target device · Target system with vulnerable BlueZ hidd version

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/32830

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0065.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-413-1

Various Sources x_refsource_misc

http://mulliner.org/bluetooth/hidattack.php

Various Sources x_refsource_misc

http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/455889/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0200

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23798

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22076

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10208

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23879

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:014

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25264

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23747

Scores

EPSS 0.0322

EPSS Percentile 86.6%

Details

CWE

CWE-16

Status published

Products (1)

bluez_project/bluez < 2.24

Published Dec 31, 2006

Tracked Since Feb 18, 2026