CVE-2023-34761

low-risk

Published 2023-06-28

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Hello Cup

Affected Vendors

7-Eleven

References (4)

Exploit https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak

Third Party Advisory https://github.com/actuator/cve/blob/main/CVE-2023-34761

Exploit https://github.com/actuator/7-Eleven-Bluetooth-Smart-Cup-Jailbreak

Third Party Advisory https://github.com/actuator/cve/blob/main/CVE-2023-34761

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal