CVE-2021-20107

5.4

MEDIUM

Sloan SmartFaucets BLE Authentication Bypass Vulnerability

Description

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.

INFO

Published Date :

June 30, 2021, 2:15 p.m.

Last Modified :

Nov. 21, 2024, 5:45 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

2.5

Exploitability Score :

2.8

Affected Products

The following products are affected by CVE-2021-20107 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Sloan	optima_eaf-100_firmware
2	Sloan	optima_eaf-150_firmware
3	Sloan	optima_eaf-200_firmware
4	Sloan	optima_eaf-225_firmware
5	Sloan	optima_eaf-250_firmware
6	Sloan	optima_eaf-275_firmware
7	Sloan	optima_eaf-350_firmware
8	Sloan	optima_eaf-700_firmware
9	Sloan	optima_eaf-750_firmware
10	Sloan	optima_ebf-187_firmware
11	Sloan	optima_ebf-415_firmware
12	Sloan	optima_ebf-425_firmware
13	Sloan	optima_ebf-550_firmware
14	Sloan	optima_ebf-615_firmware
15	Sloan	optima_ebf-650_firmware
16	Sloan	optima_ebf-665_firmware
17	Sloan	optima_ebf-750_firmware
18	Sloan	optima_ebf-775_firmware
19	Sloan	optima_ebf-85_firmware
20	Sloan	optima_ebf-850_firmware
21	Sloan	optima_etf-610_firmware
22	Sloan	optima_etf-600_firmware
23	Sloan	optima_etf-410_firmware
24	Sloan	optima_etf-420_firmware
25	Sloan	optima_etf-500_firmware
26	Sloan	optima_etf-660_firmware
27	Sloan	optima_etf-700_firmware
28	Sloan	optima_etf-770_firmware
29	Sloan	optima_etf-80_firmware
30	Sloan	optima_etf-800_firmware
31	Sloan	optima_etf-880_firmware
32	Sloan	basys_efx-300_firmware
33	Sloan	basys_efx-350_firmware
34	Sloan	basys_efx-375_firmware
35	Sloan	basys_efx-377_firmware
36	Sloan	basys_efx-380_firmware
37	Sloan	basys_efx-600_firmware
38	Sloan	basys_efx-650_firmware
39	Sloan	basys_efx-675_firmware
40	Sloan	basys_efx-677_firmware
41	Sloan	basys_efx-680_firmware
42	Sloan	basys_efx-200_firmware
43	Sloan	basys_efx-250_firmware
44	Sloan	basys_efx-275_firmware
45	Sloan	basys_efx-277_firmware
46	Sloan	basys_efx-280_firmware
47	Sloan	basys_efx-100_firmware
48	Sloan	basys_efx-150_firmware
49	Sloan	basys_efx-175_firmware
50	Sloan	basys_efx-177_firmware
51	Sloan	basys_efx-180_firmware
52	Sloan	basys_efx-800_firmware
53	Sloan	basys_efx-850_firmware
54	Sloan	solis_8111_firmware
55	Sloan	solis_8186_firmware
56	Sloan	solis_ress-c_firmware
57	Sloan	solis_ress-u_firmware
58	Sloan	solis_8152_firmware
59	Sloan	solis_8195_firmware
60	Sloan	solis_8115_firmware
61	Sloan	solis_8110_firmware
62	Sloan	solis_8180_firmware
63	Sloan	solis_8113_firmware
64	Sloan	solis_8137_firmware
65	Sloan	solis_bpw_8000_firmware
66	Sloan	solis_8116_firmware
67	Sloan	solis_8111_bt_firmware
68	Sloan	solis_8153_firmware
69	Sloan	solis_8186_bt_firmware
70	Sloan	solis_ress-c_bt_firmware
71	Sloan	solis_ress-u_bt_firmware
72	Sloan	optima_eaf-100
73	Sloan	optima_eaf-150
74	Sloan	optima_eaf-200
75	Sloan	optima_eaf-225
76	Sloan	optima_eaf-250
77	Sloan	optima_eaf-275
78	Sloan	optima_eaf-350
79	Sloan	optima_eaf-700
80	Sloan	optima_eaf-750
81	Sloan	optima_ebf-187
82	Sloan	optima_ebf-415
83	Sloan	optima_ebf-425
84	Sloan	optima_ebf-550
85	Sloan	optima_ebf-615
86	Sloan	optima_ebf-650
87	Sloan	optima_ebf-665
88	Sloan	optima_ebf-750
89	Sloan	optima_ebf-775
90	Sloan	optima_ebf-85
91	Sloan	optima_ebf-850
92	Sloan	optima_etf-610
93	Sloan	optima_etf-600
94	Sloan	optima_etf-410
95	Sloan	optima_etf-420
96	Sloan	optima_etf-500
97	Sloan	optima_etf-660
98	Sloan	optima_etf-700
99	Sloan	optima_etf-770
100	Sloan	optima_etf-80
101	Sloan	optima_etf-800
102	Sloan	optima_etf-880
103	Sloan	basys_efx-300
104	Sloan	basys_efx-350
105	Sloan	basys_efx-375
106	Sloan	basys_efx-377
107	Sloan	basys_efx-380
108	Sloan	basys_efx-600
109	Sloan	basys_efx-650
110	Sloan	basys_efx-675
111	Sloan	basys_efx-677
112	Sloan	basys_efx-680
113	Sloan	basys_efx-200
114	Sloan	basys_efx-250
115	Sloan	basys_efx-275
116	Sloan	basys_efx-277
117	Sloan	basys_efx-280
118	Sloan	basys_efx-100
119	Sloan	basys_efx-150
120	Sloan	basys_efx-175
121	Sloan	basys_efx-177
122	Sloan	basys_efx-180
123	Sloan	basys_efx-800
124	Sloan	basys_efx-850
125	Sloan	solis_8111
126	Sloan	solis_8186
127	Sloan	solis_ress-c
128	Sloan	solis_ress-u
129	Sloan	solis_8152
130	Sloan	solis_8195
131	Sloan	solis_8115
132	Sloan	solis_8110
133	Sloan	solis_8180
134	Sloan	solis_8113
135	Sloan	solis_8137
136	Sloan	solis_bpw_8000
137	Sloan	solis_8116
138	Sloan	solis_8111_bt
139	Sloan	solis_8153
140	Sloan	solis_8186_bt
141	Sloan	solis_ress-c_bt
142	Sloan	solis_ress-u_bt

: Total Affected Vendor : 1 | Products : 142

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-20107.

URL	Resource
https://www.tenable.com/security/research/tra-2021-26-0	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-26-0	Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-20107 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-20107 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

Nov. 21, 2024

Action	Type	Old Value	New Value
Added	Reference		https://www.tenable.com/security/research/tra-2021-26-0

CVE Modified by [email protected]

May. 14, 2024

Action	Type	Old Value	New Value

CWE Remap by [email protected]

Jun. 28, 2022

Action	Type	Old Value	New Value
Changed	CWE	CWE-287	CWE-306

Initial Analysis by [email protected]

Jul. 08, 2021

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:A/AC:L/Au:N/C:P/I:P/A:N)
Added	CVSS V3.1		NIST AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Changed	Reference Type	https://www.tenable.com/security/research/tra-2021-26-0 No Types Assigned	https://www.tenable.com/security/research/tra-2021-26-0 Exploit, Third Party Advisory
Added	CWE		NIST CWE-287
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-100_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-150_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-200_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-225_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-225:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-250_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-250:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-275_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-275:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-350_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-350:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-700_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_eaf-750_firmware:-::::::: OR cpe:2.3:h:sloan:optima_eaf-750:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-187_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-187:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-415_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-415:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-425_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-425:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-550_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-550:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-615_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-615:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-650_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-650:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-665_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-665:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-750_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-750:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-775_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-775:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-85_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-85:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_ebf-850_firmware:-::::::: OR cpe:2.3:h:sloan:optima_ebf-850:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-610_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-610:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-600_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-410_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-420_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-500_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-500:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-660_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-660:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-700_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-700:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-770_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-770:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-80_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-80:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-800_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-800:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:optima_etf-880_firmware:-::::::: OR cpe:2.3:h:sloan:optima_etf-880:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-300_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-300:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-350_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-350:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-375_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-375:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-377_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-377:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-380_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-380:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-600_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-600:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-650_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-650:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-675_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-675:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-677_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-677:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-680_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-680:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-200_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-200:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-250_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-250:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-275_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-275:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-277_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-277:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-280_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-280:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-100_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-100:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-150_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-150:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-175_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-175:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-177_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-177:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-180_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-180:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-800_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-800:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:basys_efx-850_firmware:-::::::: OR cpe:2.3:h:sloan:basys_efx-850:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8111_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8111:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8186_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8186:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_ress-c_firmware:-::::::: OR cpe:2.3:h:sloan:solis_ress-c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_ress-u_firmware:-::::::: OR cpe:2.3:h:sloan:solis_ress-u:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8152_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8152:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8195_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8195:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8115_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8115:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8110_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8110:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8180_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8180:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8113_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8113:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8137_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8137:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_bpw_8000_firmware:-::::::: OR cpe:2.3:h:sloan:solis_bpw_8000:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8116_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8116:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8111_bt_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8111_bt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8153_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8153:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_8186_bt_firmware:-::::::: OR cpe:2.3:h:sloan:solis_8186_bt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_ress-c_bt_firmware:-::::::: OR cpe:2.3:h:sloan:solis_ress-c_bt:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:sloan:solis_ress-u_bt_firmware:-::::::: OR cpe:2.3:h:sloan:solis_ress-u_bt:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-20107 is associated with the following CWEs:

CWE-306: Missing Authentication for Critical Function

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-20107 weaknesses.

CAPEC-12: Choosing Message Identifier Choosing Message Identifier CAPEC-36: Using Unpublished Interfaces or Functionality Using Unpublished Interfaces or Functionality CAPEC-62: Cross Site Request Forgery Cross Site Request Forgery CAPEC-166: Force the System to Reset Values Force the System to Reset Values CAPEC-216: Communication Channel Manipulation Communication Channel Manipulation

CVE-2021-20107

Sloan SmartFaucets BLE Authentication Bypass Vulnerability

Description

INFO

June 30, 2021, 2:15 p.m.

Nov. 21, 2024, 5:45 a.m.

[email protected]

No

2.5

2.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by af854a3a-2127-422b-91ae-364da2661108

CVE Modified by [email protected]

CWE Remap by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.07 }} 0.02%

0.23231

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable