CVE-2024-48290: An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to...
An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.
Security readout for executives and security teams
Plain-English summary
CVE-2024-48290 is a denial-of-service issue in Realtek RTL8762E BLE SDK v1.4.0. A nearby attacker with Bluetooth Low Energy range could disrupt availability by sending a crafted termination packet. The public data does not identify downstream device models or a named patch.
Executive priority
Treat as a moderate availability risk. It is not described as data theft or remote internet compromise, but BLE disruption can matter for operational, medical, access-control, or field devices. Prioritize asset identification and vendor confirmation over emergency response.
Technical view
The issue affects the Bluetooth Low Energy implementation in Realtek RTL8762E BLE SDK v1.4.0. The CVSS vector is AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating adjacent-network reachability, no privileges, no user interaction, and limited availability impact only. It is mapped to CWE-1284.
Likely exposure
Exposure is most likely in embedded or IoT products built with Realtek RTL8762E BLE SDK v1.4.0. The source bundle does not name specific vendors, device models, firmware versions, or CPEs, so confirmation requires supplier, SBOM, or firmware lineage checks.
Exploitation context
No CISA KEV listing or cited source in the bundle indicates active exploitation. Exploitation requires Bluetooth adjacency rather than internet exposure. Public details describe a crafted ll_terminate_ind packet causing DoS, but the bundle does not provide broader exploit evidence.
Researcher notes
The public record is sparse: affected vendor/product fields are n/a, the description names only Realtek RTL8762E BLE SDK v1.4.0, and no remediation is specified in the provided sources. Avoid assuming downstream device impact without firmware provenance evidence.
Mitigation direction
Check Realtek and device-vendor guidance for fixed SDK or firmware releases.
Inventory BLE-enabled products that may use Realtek RTL8762E SDK v1.4.0.
Request component and firmware confirmation from suppliers for affected devices.
Apply vendor firmware updates when available and validated.
Disable BLE where it is not operationally required.
Prioritize devices where availability loss affects safety or operations.
Validation and detection
Review SBOMs, firmware notes, and supplier attestations for RTL8762E BLE SDK v1.4.0.
Confirm whether affected devices expose BLE in deployed environments.
Check vendor advisories for patch status and affected downstream products.
Monitor for unexplained BLE disconnects or availability degradation.
Validate fixes only in controlled lab conditions, without offensive reproduction.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-1284: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-1284 · source CWE mapping
Improper Validation of Specified Quantity in Input
Improper Validation of Specified Quantity in Input represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.