Attacker Value
Unknown
0
CVE-2021-20107
0
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
0
CVE-2021-20107
(Last updated November 28, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
MITRE ATT&CK
Select the MITRE ATT&CK Tactics that apply to this CVE
Collection
Select any Techniques used:
Command and Control
Select any Techniques used:
Credential Access
Select any Techniques used:
Defense Evasion
Select any Techniques used:
Discovery
Select any Techniques used:
Execution
Select any Techniques used:
Exfiltration
Select any Techniques used:
Impact
Select any Techniques used:
Initial Access
Select any Techniques used:
Lateral Movement
Select any Techniques used:
Persistence
Select any Techniques used:
Privilege Escalation
Select any Techniques used:
Topic Tags
Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)
What makes this of high-value to an attacker?
What makes this of low-value to an attacker?
Description
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low Energy (BLE) connectivity to read and write to many BLE characteristics on the device. Some of these control the flow of water, the sensitivity of the sensors, and information about maintenance.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.4 Medium
Impact Score:
2.5
Exploitability Score:
2.8
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None
General Information
Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
SLOAN All known versions
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Vendors
Products
- basys efx-100 firmware -,
- basys efx-150 firmware -,
- basys efx-175 firmware -,
- basys efx-177 firmware -,
- basys efx-180 firmware -,
- basys efx-200 firmware -,
- basys efx-250 firmware -,
- basys efx-275 firmware -,
- basys efx-277 firmware -,
- basys efx-280 firmware -,
- basys efx-300 firmware -,
- basys efx-350 firmware -,
- basys efx-375 firmware -,
- basys efx-377 firmware -,
- basys efx-380 firmware -,
- basys efx-600 firmware -,
- basys efx-650 firmware -,
- basys efx-675 firmware -,
- basys efx-677 firmware -,
- basys efx-680 firmware -,
- basys efx-800 firmware -,
- basys efx-850 firmware -,
- optima eaf-100 firmware -,
- optima eaf-150 firmware -,
- optima eaf-200 firmware -,
- optima eaf-225 firmware -,
- optima eaf-250 firmware -,
- optima eaf-275 firmware -,
- optima eaf-350 firmware -,
- optima eaf-700 firmware -,
- optima eaf-750 firmware -,
- optima ebf-187 firmware -,
- optima ebf-415 firmware -,
- optima ebf-425 firmware -,
- optima ebf-550 firmware -,
- optima ebf-615 firmware -,
- optima ebf-650 firmware -,
- optima ebf-665 firmware -,
- optima ebf-750 firmware -,
- optima ebf-775 firmware -,
- optima ebf-85 firmware -,
- optima ebf-850 firmware -,
- optima etf-410 firmware -,
- optima etf-420 firmware -,
- optima etf-500 firmware -,
- optima etf-600 firmware -,
- optima etf-610 firmware -,
- optima etf-660 firmware -,
- optima etf-700 firmware -,
- optima etf-770 firmware -,
- optima etf-80 firmware -,
- optima etf-800 firmware -,
- optima etf-880 firmware -,
- solis 8110 firmware -,
- solis 8111 bt firmware -,
- solis 8111 firmware -,
- solis 8113 firmware -,
- solis 8115 firmware -,
- solis 8116 firmware -,
- solis 8137 firmware -,
- solis 8152 firmware -,
- solis 8153 firmware -,
- solis 8180 firmware -,
- solis 8186 bt firmware -,
- solis 8186 firmware -,
- solis 8195 firmware -,
- solis bpw 8000 firmware -,
- solis ress-c bt firmware -,
- solis ress-c firmware -,
- solis ress-u bt firmware -,
- solis ress-u firmware -
References
Miscellaneous
Additional Info
Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Rapid7
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
