The Meatmeet device is a Bluetooth Low Energy (BLE) enabled device used for various applications. This vulnerability allows an attacker within proximity to perform an unauthorized Over The Air (OTA) firmware upgrade using BLE, resulting in Remote Code Execution (RCE). As the device does not perform checks on upgrades, this results in complete access loss by the victim.
Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.
Upgrade to a patched firmware version from the Meatmeet official website (https://www.meatmeet.com/support).
- Immediate mitigations:
- Restrict network access to your Meatmeet device (firewall it from the public internet)
- Monitor for unauthorized BLE connections