CVE-2024-21306

MEDIUM

Windows 10/11, Server 2022 Spoofing via Bluetooth Driver

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-21306. PoCs published by Danyw24, PhucHauDeveloper, d4rks1d33.

Description

Microsoft Bluetooth Driver Spoofing Vulnerability

Exploits (3)

nomisec WORKING POC 12 stars
by Danyw24 · poc
https://github.com/Danyw24/blueXploit

The repository contains a functional exploit for CVE-2024-21306, leveraging Bluetooth HID injection to execute keystrokes on vulnerable devices without user confirmation. It includes tools for payload generation, APK injection, and device enumeration, demonstrating a complete attack chain.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth stacks on Android (4.2-14), Linux (BlueZ), macOS (12-14.2), iOS (16), and Windows (pre-January 2024 patch)
No auth needed
Prerequisites: Bluetooth adapter with HCI support · Physical proximity to target device · Unpatched target system
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 9 stars
by PhucHauDeveloper · poc
https://github.com/PhucHauDeveloper/BadBlue

This repository contains a functional exploit PoC for CVE-2024-21306, leveraging Bluetooth HID (Human Interface Device) to simulate keystrokes on a target device. The script includes detailed key mappings and can execute DuckyScript commands, indicating it is designed for remote code execution (RCE) via Bluetooth.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth-enabled devices (likely Windows, Linux, or macOS with HID profile support)
No auth needed
Prerequisites: Bluetooth adapter on attacker's machine · Target device with Bluetooth HID profile enabled · Physical proximity for Bluetooth pairing
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by d4rks1d33 · poc
https://github.com/d4rks1d33/C-PoC-for-CVE-2024-21306

This repository contains a functional C-based PoC for CVE-2024-21306, which exploits a Bluetooth HID vulnerability to inject keystrokes (e.g., 'tab' keypresses) into a target system by impersonating a keyboard device. The exploit establishes L2CAP connections to HID control and interrupt PSMs, demonstrating unauthorized input injection.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth HID devices (specific version not specified)
No auth needed
Prerequisites: Bluetooth interface with spoofing capabilities · Physical proximity to target device · Target device must accept HID connections
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.7
EPSS 0.0583
EPSS Percentile 92.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-306
Status published
Products (7)
microsoft/windows_10_21h2 < 10.0.19044.3930
microsoft/windows_10_22h2 < 10.0.19045.3930
microsoft/windows_11_21h2 < 10.0.22000.2713
microsoft/windows_11_22h2 < 10.0.22621.3007
microsoft/windows_11_23h2 < 10.0.22631.3007
microsoft/windows_server_2022 < 10.0.20348.2227
microsoft/windows_server_2022_23h2 < 10.0.25398.643
Published Jan 09, 2024
Tracked Since Feb 18, 2026