CVE-2023-45866

MEDIUM

BlueZ Bluetooth HID Hosts - Unauthenticated Keyboard Input Injection

Exploitation Summary

EIP tracks 12 public exploits for CVE-2023-45866. PoCs published by pentestfunctions, Danyw24, Eason-zz.

Description

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Exploits (12)

nomisec WORKING POC 1,776 stars
by pentestfunctions · poc
https://github.com/pentestfunctions/BlueDucky

This repository contains a functional exploit PoC for CVE-2023-45866, leveraging Bluetooth HID (Human Interface Device) emulation to simulate keyboard inputs on a target device. The code includes utilities for Bluetooth adapter manipulation, device pairing, and L2CAP communication to inject keystrokes.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth-enabled systems (Linux with BlueZ stack)
No auth needed
Prerequisites: Physical proximity to the target device · Bluetooth adapter on the attacker's machine · Target device must support Bluetooth HID
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 12 stars
by Danyw24 · poc
https://github.com/Danyw24/blueXploit

The repository contains a functional exploit for CVE-2024-21306, leveraging Bluetooth HID injection to execute keystrokes on vulnerable devices without user confirmation. It includes tools for payload generation, APK injection, and device enumeration, demonstrating a complete attack chain.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth stacks on Android (4.2-14), Linux (BlueZ), macOS (12-14.2), iOS (16), and Windows (pre-January 2024 patch)
No auth needed
Prerequisites: Bluetooth adapter with HCI support · Physical proximity to target device · Unpatched target system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 12 stars
by Eason-zz · poc
https://github.com/Eason-zz/BluetoothDucky

This repository contains a functional Bluetooth HID injection tool (BluetoothDucky) that exploits CVE-2023-45866 by emulating a Bluetooth keyboard to inject keystrokes into a target device. The PoC includes full implementation for device scanning, pairing, and payload execution via Duckyscript.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth stack on vulnerable devices (CVE-2023-45866)
No auth needed
Prerequisites: Bluetooth adapter with HID profile support · Physical proximity to target device · Target device Bluetooth enabled
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by Sergeb250 · poc
https://github.com/Sergeb250/BlueDucky

This repository contains a functional exploit PoC for CVE-2023-45866, leveraging Bluetooth HID profile manipulation to simulate keyboard input on a target device. The code includes detailed logging, error handling, and reconnection logic, indicating a mature and operational exploit.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth-enabled devices with vulnerable HID profile implementations
No auth needed
Prerequisites: Physical proximity to the target device · Bluetooth adapter on the attacker's machine · Target device with vulnerable Bluetooth stack
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 star
by xG3nesis · poc
https://github.com/xG3nesis/RustyInjector

This repository contains a Rust-based PoC for CVE-2023-45866, demonstrating Bluetooth keystroke injection via the BlueZ stack on Linux. It exploits the 'Just Works' pairing method to inject unauthorized keystrokes by impersonating an HID device.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: BlueZ (Linux Bluetooth stack)
No auth needed
Prerequisites: Bluetooth BR/EDR support · Target device with BlueZ stack · NoInputNoOutput device capability
devstral-2 · analyzed Feb 18, 2026

nomisec SUSPICIOUS
by hegaz0y · poc
https://github.com/hegaz0y/-BuL

The repository claims to exploit CVE-2023-45866 for Bluetooth-based keystroke injection but lacks actual exploit code, instead directing users to external resources (Discord, donation links) and using vague marketing language without technical details.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Bluetooth protocol (unspecified versions)
No auth needed
Prerequisites: Bluetooth-enabled device · Proximity to target
devstral-2 · analyzed Jun 01, 2026

gitlab WORKING POC
by syedusama5556 · poc
https://gitlab.com/syedusama5556/BlueDucky

This repository contains a functional exploit PoC for CVE-2023-45866, leveraging Bluetooth HID (Human Interface Device) profile manipulation to simulate keyboard inputs on a target device. The code includes modules for Bluetooth adapter management, L2CAP connection handling, and HID report generation, indicating a complete and operational exploit.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth stack on Linux systems (BlueZ)
No auth needed
Prerequisites: Bluetooth adapter with HID profile support · Physical proximity to the target device · Target device must have Bluetooth enabled and be discoverable
devstral-2 · analyzed May 15, 2026

nomisec SCANNER
by ladyg00se · poc
https://github.com/ladyg00se/CVE-2023-45866_WIP

The repository contains a Bluetooth scanner script (`bt_sanner.py`) that discovers nearby Bluetooth devices but does not include exploit code for CVE-2023-45866. The README provides a detailed technical overview of the vulnerability and its exploitation mechanics but lacks functional exploit code.

Classification: Scanner 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Bluetooth-enabled devices (Android, iOS, macOS, Linux)
No auth needed
Prerequisites: Bluetooth-enabled attacker device · Bluetooth enabled on target device
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by Chedrian07 · poc
https://github.com/Chedrian07/CVE-2023-45866-POC

This repository contains a functional PoC for CVE-2023-45866, which exploits a Bluetooth HID vulnerability to simulate keyboard input on a target device. The code includes a Bluetooth HID keyboard emulator and a DuckyScript parser to execute keystroke injection attacks.

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth HID devices (specific version not specified)
No auth needed
Prerequisites: Bluetooth connectivity to the target device · Target device must be vulnerable to HID injection
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by cisnarfu · poc
https://github.com/cisnarfu/Bluepop

This repository contains a functional exploit for CVE-2023-45866, leveraging Bluetooth L2CAP to simulate HID keyboard inputs. The code includes modules for managing Bluetooth connections, sending keystrokes, and executing payloads via Duckyscript.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth stacks vulnerable to CVE-2023-45866
No auth needed
Prerequisites: Bluetooth adapter (e.g., hci0) · Physical proximity to target device · Target device with vulnerable Bluetooth stack
devstral-2 · analyzed Feb 18, 2026

nomisec STUB
by jjjjjjjj987 · poc
https://github.com/jjjjjjjj987/cve-2023-45866-py

The repository contains only a Jekyll configuration file with no exploit code or technical details related to CVE-2023-45866. It appears to be a placeholder or incomplete repository.

Classification: Stub 95%
Attack Type: Other
Complexity: N/A
Reliability: N/A
Target: N/A
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (15)

Core References
Not Applicable: https://bluetooth.com
Mailing List, Third Party Advisory (mailing-list): http://seclists.org/fulldisclosure/2023/Dec/9
Mailing List, Third Party Advisory (mailing-list): http://seclists.org/fulldisclosure/2023/Dec/7
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html
Third Party Advisory (vendor-advisory): https://www.debian.org/security/2023/dsa-5584
Third Party Advisory (vendor-advisory): https://security.gentoo.org/glsa/202401-03

Scores

CVSS v3 6.3
EPSS 0.0788
EPSS Percentile 94.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE CWE-287
Status published
Products (19)
apple/ipados < 17.2
apple/iphone_os 16.6
apple/iphone_os < 17.2
apple/macos 12.6.7
apple/macos 13.3.3
apple/macos 14.0 - 14.2
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 22.04
canonical/ubuntu_linux 23.10
... and 9 more
Published Dec 08, 2023
Tracked Since Feb 18, 2026