Critical Vulnerability in Amp’ed RF BT-AP 111 Bluetooth Access Point Allows Attackers to Achieve Full Admin Access
A critical security vulnerability has been identified in the Amp’ed RF BT-AP 111 Bluetooth Access Point, posing significant risks to organisations due to an unauthenticated administrative interface. This device functions as a Bluetooth-to-Ethernet bridge, supporting both access point and gateway capabilities, yet it lacks essential authentication controls on its web-based management system. Designated as CVE-2025-9994, the vulnerability enables remote attackers with network access to gain complete administrative control over the device without needing any credentials. The flaw affects the device’s HTTP-based administrative interface, which oversees crucial functions such as Bluetooth configurations, network parameters, and security settings. Analysts from Carnegie Mellon University, through CERT Coordination Center research, highlighted the device’s failure to implement basic security controls, violating established NIST security guidelines, particularly SP 800-121 Rev. 2, which mandates authentication for Bluetooth devices at Service Level 2 or higher.
The vulnerability arises from a total lack of authentication mechanisms in the device’s web interface architecture. Unlike standard network devices that typically feature login screens or certificate-based authentication, the BT-AP 111 exposes its administrative panel directly to any user accessing its HTTP port. This design flaw allows attackers to modify device configurations, alter Bluetooth pairing settings, and potentially intercept or manipulate data traversing the bridge. Exploitation requires only network connectivity to the target device, making it vulnerable to both local network attackers and, in misconfigured environments, remote threats. In light of the vendor’s inadequate response to disclosure efforts, security professionals recommend isolating affected devices on segregated network segments that are inaccessible to untrusted users until appropriate authentication controls can be established.