CVE-2020-10135

MEDIUM

Bluetooth BR/EDR Core Specification <5.2 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10135. PoCs published by m4rm0k.

AI-analyzed exploit summary This repository contains a writeup and packet capture log demonstrating the BIAS (Bluetooth Impersonation Attack) CVE-2020-10135. It describes the process of impersonating a previously paired Bluetooth device (Samsung S3 Neo+) to a Linux host, with references to the original PoC by francozappa.

Description

Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.

Exploits (1)

nomisec WRITEUP

by m4rm0k · poc

https://github.com/m4rm0k/CVE-2020-10135-BIAS

View Code ZIP pw:eip

This repository contains a writeup and packet capture log demonstrating the BIAS (Bluetooth Impersonation Attack) CVE-2020-10135. It describes the process of impersonating a previously paired Bluetooth device (Samsung S3 Neo+) to a Linux host, with references to the original PoC by francozappa.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Bluetooth implementations (various vendors)

No auth needed

Prerequisites: Bluetooth address of a previously paired device · Physical proximity to the target device

MITRE ATT&CK

T1587.001 - Malware

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

https://kb.cert.org/vuls/id/647177/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2020/Jun/5

Broken Link, Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Broken Link, Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

Third Party Advisory x_refsource_misc

https://francozappa.github.io/about-bias/

Vendor Advisory x_refsource_confirm

https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/bias-vulnerability/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157922/Bluetooth-Impersonation-Attack-BIAS-Proof-Of-Concept.html

Scores

CVSS v3 5.4

EPSS 0.2019

EPSS Percentile 95.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-757 CWE-290

Status published

Products (2)

bluetooth/bluetooth_core < 5.2 (2 CPE variants)

opensuse/leap 15.1

Published May 19, 2020

Tracked Since Feb 18, 2026