CVE-2025-9994

9.8 CRITICAL

📋 TL;DR

The Amp'ed RF BT-AP 111 Bluetooth access point's HTTP admin interface lacks authentication, allowing anyone with network access to gain administrative control. This affects all users of this device who haven't implemented additional security controls. Attackers can reconfigure the device, intercept traffic, or use it as an attack vector.

💻 Affected Systems

Products:
  • Amp'ed RF BT-AP 111 Bluetooth Access Point
Versions: All versions with default configuration
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with HTTP admin interface enabled and accessible. Bluetooth functionality may also be affected if configured via admin interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover leading to network compromise, data interception, ransomware deployment, or use as a pivot point for lateral movement.

🟠 Likely Case

Unauthorized configuration changes, network disruption, credential harvesting from connected devices, or installation of persistent backdoors.

🟢 If Mitigated

Limited impact if the device is isolated in a secure network segment with strict access controls and monitoring.

🌐 Internet-Facing: HIGH - Direct internet exposure would allow global attackers to exploit this without any authentication.
🏢 Internal Only: HIGH - Even internally, any user or compromised device on the network can access the admin interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP access to the admin interface - no authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.kb.cert.org/vuls/id/763183

Restart Required: No

Instructions:

  1. Check vendor website for firmware updates.
  2. If update available, download from official source.
  3. Access admin interface (currently without auth).
  4. Navigate to firmware update section.
  5. Upload and apply new firmware.
  6. Verify authentication is now required.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate the BT-AP 111 on a separate VLAN with strict firewall rules limiting access to authorized management systems only.

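Reverse Proxy with Authentication (Linux)

Place a reverse proxy (like nginx or Apache) in front of the device that requires authentication before forwarding to the admin interface. This only helps if direct network access to the device is blocked, so that the proxy is the only path to the admin interface.

# nginx basic auth example
# bt-ap-111-ip is a placeholder for the device's address
location /admin {
    # Require credentials before anything is forwarded to the device
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    # Serve this location over TLS: basic auth credentials are only base64-encoded
    proxy_pass http://bt-ap-111-ip;
}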

🧯 If You Can't Patch

  • Disable HTTP admin interface entirely if not needed, using alternative management methods
  • Implement strict network access controls (firewall rules) to only allow management from specific IP addresses

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[device-ip] in a browser. If you reach an admin interface without any login prompt, the device is vulnerable.

Check Version:

Check device web interface footer or status page for firmware version information

Verify Fix Applied:

After applying controls, verify that accessing the admin interface now requires authentication or is inaccessible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to device IP on port 80
  • Configuration changes from unexpected source IPs
  • Multiple failed authentication attempts if auth is later enabled

Network Indicators:

  • HTTP traffic to device admin interface from unauthorized subnets
  • Unusual outbound connections from the BT-AP device

SIEM Query:

destination.ip="BT-AP-111-IP" AND (http.method="POST" OR http.method="PUT") AND NOT user.agent="authorized-management-tool"
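
The log and network indicators listed above can also be checked offline against exported HTTP records. The following is an added example, not part of the advisory or any vendor tooling; the device address, the management subnet, the JSON record layout (field names source.ip, destination.ip, destination.port, http.method) and the policy that the access point never initiates HTTP itself are all assumptions.

```python
import ipaddress
import json

# Assumptions, not values from the advisory: device address, management
# subnet, record field names, and that the device never initiates HTTP.
DEVICE_IP = ipaddress.ip_address("192.0.2.10")
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]
STATE_CHANGING = {"POST", "PUT"}

# Constructed sample records (one JSON object per line), not real traffic.
SAMPLE_LOG = """\
{"source.ip": "10.20.0.5", "destination.ip": "192.0.2.10", "destination.port": 80, "http.method": "POST"}
{"source.ip": "10.30.7.44", "destination.ip": "192.0.2.10", "destination.port": 80, "http.method": "GET"}
{"source.ip": "10.30.7.44", "destination.ip": "192.0.2.10", "destination.port": 80, "http.method": "POST"}
{"source.ip": "192.0.2.10", "destination.ip": "198.51.100.9", "destination.port": 80, "http.method": "GET"}
not-json garbage line
"""

def classify(event):
    """Map one HTTP event to the advisory's indicators; [] means no finding."""
    src = ipaddress.ip_address(event["source.ip"])
    dst = ipaddress.ip_address(event["destination.ip"])
    if src == DEVICE_IP:
        # Indicator: unusual outbound connections from the BT-AP device.
        return ["outbound-from-device"]
    if dst != DEVICE_IP or event.get("destination.port") != 80:
        return []
    if any(src in net for net in MGMT_NETS):
        return []  # expected management traffic
    findings = ["admin-access-from-unauthorized-subnet"]
    if str(event.get("http.method", "")).upper() in STATE_CHANGING:
        findings.append("config-change-from-unexpected-source")
    return findings

def scan(log_text):
    """Return (line_number, source_ip, findings) for every flagged record."""
    alerts = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            findings = classify(event)
        except (ValueError, KeyError, TypeError):
            # Surface records that cannot be evaluated instead of dropping them.
            alerts.append((number, None, ["unparseable-record"]))
            continue
        if findings:
            alerts.append((number, event["source.ip"], findings))
    return alerts
```

Calling scan(SAMPLE_LOG) flags the two requests from outside the management subnet, the outbound connection from the device, and the malformed record, while the POST from the management subnet passes.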
