CVE Catalog

CVE-2025-44526

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

The Realtek RTL8762E SDK V1.4.0 was found to have insufficient permission checks on critical fields in Bluetooth Low Energy (BLE) data packets. This vulnerability allows an attacker to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Risk Assessment

An attacker can remotely crash a device using the vulnerable component, leading to disruption of IoT services or other systems relying on BLE connectivity.

Recommendation

Immediately update the RTL8762E SDK to the latest patched version. If no update is available, restrict BLE range and monitor for anomalous packets.

Original NVD description (English source)

Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS