CVE-2020-10135
CWE-757Published: May 19, 2020· Updated: Jun 17, 2026
Official Description
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
Technical Analysis
CVE-2020-10135 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (14)
Quick Facts
Related CVEs (CWE-757)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2020-10135 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts