CVE-2021-44905

8.2 HIGH

📋 TL;DR

CVE-2021-44905 is an incorrect-permissions vulnerability in the Bluetooth services of the Fortessa FTBTLD Smart Lock. It allows remote attackers to disable the lock by changing its name without authentication. It affects Fortessa FTBTLD Smart Lock devices as of December 13, 2022, and results in denial of service against the physical lock mechanism.

💻 Affected Systems

Products:
  • Fortessa FTBTLD Smart Lock
Versions: All versions as of 2022-12-13
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Bluetooth enabled and in pairing/discoverable mode. Physical proximity to the lock is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker within Bluetooth range could disable the smart lock, preventing legitimate users from unlocking doors and potentially causing physical security breaches or lockouts.

🟠 Likely Case

Unauthorized users changing lock names to cause confusion or temporary denial of service, disrupting normal access control operations.

🟢 If Mitigated

With proper network segmentation and Bluetooth security controls, impact is limited to local Bluetooth range with no remote internet exploitation possible.

🌐 Internet-Facing: LOW - The vulnerability requires Bluetooth proximity and does not expose internet-facing attack surfaces.
🏢 Internal Only: HIGH - Within Bluetooth range (typically ~10 meters), attackers can exploit this without authentication to disable physical security controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a Bluetooth-capable device and knowledge of the vulnerability. Public research demonstrates trivial exploitation via standard Bluetooth tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found in provided references

Restart Required: No

Instructions:

No official patch available. Contact Fortessa for firmware updates or replacement options.

🔧 Temporary Workarounds

  • Disable Bluetooth when not in use (all): Turn off Bluetooth functionality on the smart lock except during legitimate pairing/configuration operations
  • Physical access control (all): Restrict physical proximity to the lock to prevent unauthorized Bluetooth connections

🧯 If You Can't Patch

  • Deploy physical monitoring and surveillance around lock locations to detect unauthorized access attempts
  • Implement secondary physical security controls (mechanical locks, access logs) to compensate for smart lock vulnerabilities

🔍 How to Verify

Check if Vulnerable:

Attempt to connect to the lock via Bluetooth and send a lock name change request without authentication using tools like Bluetooth debugging apps

Check Version:

Check device firmware version through manufacturer's mobile app or management interface

Verify Fix Applied:

Test if unauthenticated lock name changes are rejected after applying any firmware updates

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Bluetooth connection attempts
  • Lock name changes without authorized user activity

Network Indicators:

  • Bluetooth pairing requests from unknown MAC addresses
  • Bluetooth GATT characteristic writes to device name attribute

SIEM Query:

No standard SIEM query available for Bluetooth-based IoT device attacks
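In place of a SIEM query, the "GATT characteristic writes to device name attribute" indicator can be checked offline against a BLE sniffer export. The following is an added example, not code from the vendor or from the original advisory. It assumes a capture exported as (timestamp, central address, ATT PDU in hex); the device-name value handle and the allow list of authorized centrals are placeholders to replace with values from your own lock and phones.

```python
import struct

# ATT opcodes that write an attribute value (Bluetooth Core Spec, ATT).
WRITE_OPCODES = {0x12: "Write Request", 0x52: "Write Command",
                 0xD2: "Signed Write Command", 0x16: "Prepare Write Request"}

# Assumptions: the value handle of the lock's device-name attribute (read it
# from your own lock's GATT table) and the centrals allowed to manage the lock.
DEVICE_NAME_HANDLE = 0x0003
AUTHORIZED_CENTRALS = {"AA:BB:CC:00:00:01"}

def parse_att_write(pdu: bytes):
    """Return (opcode_name, handle, value) for an ATT write PDU, else None."""
    if len(pdu) < 3 or pdu[0] not in WRITE_OPCODES:
        return None
    (handle,) = struct.unpack_from("<H", pdu, 1)    # handle is little-endian
    value = pdu[5:] if pdu[0] == 0x16 else pdu[3:]  # Prepare Write has a 2-byte offset
    if pdu[0] == 0xD2:
        value = value[:-12]                         # drop 12-byte signature
    return WRITE_OPCODES[pdu[0]], handle, value

def find_name_writes(records):
    """Flag every write to the device-name handle; mark unknown centrals."""
    alerts = []
    for ts, central, pdu_hex in records:
        try:
            parsed = parse_att_write(bytes.fromhex(pdu_hex))
        except ValueError:
            continue                                # malformed capture line
        if parsed is None or parsed[1] != DEVICE_NAME_HANDLE:
            continue
        known = central.upper() in AUTHORIZED_CENTRALS
        alerts.append({"time": ts, "central": central, "opcode": parsed[0],
                       "new_name": parsed[2].decode("utf-8", "replace"),
                       "status": "review" if known else "unauthorized"})
    return alerts

# Constructed sample capture: (timestamp, central address, ATT PDU as hex).
SAMPLE = [
    ("2024-01-01T10:00:01Z", "AA:BB:CC:00:00:01", "0a0300"),  # Read Request
    ("2024-01-01T10:00:05Z", "DE:AD:BE:EF:00:99", "120300" + b"Kitchen".hex()),
    ("2024-01-01T10:00:09Z", "DE:AD:BE:EF:00:99", "1209000100"),  # other handle
    ("2024-01-01T10:01:00Z", "AA:BB:CC:00:00:01", "520300" + b"FrontDoor".hex()),
    ("2024-01-01T10:01:02Z", "DE:AD:BE:EF:00:99", "zz"),  # malformed line
]

if __name__ == "__main__":
    for alert in find_name_writes(SAMPLE):
        print(alert)
```

Writes from an authorized central are reported with status "review" so they can be correlated with known user activity, matching the "lock name changes without authorized user activity" indicator.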
