CVE-2026-37100 An — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	6.5 (MEDIUM)
Type	CWE-284 (Improper Access Control)
Vendor	An
Public PoC	No

An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-284 Improper Access Control

References 1

https://gist.github.com/sohsatoh/02699fbbdff90e6c2078b508f830022b

cve@mitre.org

Menu

CVE-2026-37100

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-37100

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity