What is the Amp'ed RF BT-AP 111 CVE-2025-9994 vulnerability?

CVE-2025-9994 is a critical vulnerability with a CVSS score of 9.8 affecting the Amp'ed RF BT-AP 111 Bluetooth Access Point. The vulnerability is a complete absence of authentication mechanisms, allowing any user who can reach the device's HTTP port to immediately view and modify all administrative settings without any form of identity verification.

How severe is the CVE-2025-9994 vulnerability?

CVE-2025-9994 is rated as critical with a CVSS score of 9.8, representing maximum severity. The vulnerability allows complete unauthorized access to administrative functions without any authentication requirements.

What can attackers do by exploiting CVE-2025-9994?

Any user who can reach the device's HTTP port through network access can immediately view and modify all administrative settings without providing any form of identity verification. This includes changing device configurations, monitoring Bluetooth connections, and potentially gaining access to connected devices.

Is there a firmware update available to fix CVE-2025-9994?

No, there are currently no vendor-provided security updates available. Given the absence of vendor response and no possibility of implementing authentication controls through configuration, no patch is currently available.

What network security measures should be implemented for BT-AP 111 devices?

Network administrators should implement VLAN segmentation to create isolated network segments specifically for BT-AP 111 devices, restrict access to the device's HTTP administrative interface through firewall rules, and monitor network traffic to and from these devices for unauthorized access attempts.

What makes CVE-2025-9994 particularly dangerous?

The vulnerability is particularly dangerous because it represents a complete absence of authentication mechanisms rather than a bypassable security control. There is no way to configure authentication on the device, making it inherently insecure when accessible via network connections.

What enterprise environments typically use BT-AP 111 devices?

The BT-AP 111 is designed for enterprise environments where Bluetooth-to-Ethernet bridging is required, serving as either an access point or Bluetooth gateway. It's commonly used in industrial settings, IoT deployments, and enterprise networks requiring Bluetooth connectivity integration.

Who discovered the CVE-2025-9994 vulnerability?

The vulnerability was identified by security researchers and reported through CERT/CC (Computer Emergency Response Team Coordination Center), who have attempted to contact the vendor but received no response.

What immediate actions should BT-AP 111 users take?

Users should immediately implement network isolation for BT-AP 111 devices through VLAN segmentation, restrict HTTP port access through firewall rules, monitor for unauthorized access attempts, and evaluate replacing the devices with more secure alternatives if operating in security-sensitive environments.

Are there any workarounds for the BT-AP 111 authentication vulnerability?

The only effective workarounds are network-level security controls including VLAN isolation, firewall restrictions on HTTP port access, and physical security measures to prevent unauthorized network access to the devices. Device-level security cannot be implemented due to the complete absence of authentication mechanisms.

Advisory

Critical authentication bypass flaw reported in Amp'ed RF BT-AP 111 Bluetooth access point

Q: What is the Amp'ed RF BT-AP 111 device?

The Amp'ed RF BT-AP 111 is a Bluetooth-to-Ethernet bridge device designed to function as either an access point or Bluetooth gateway in enterprise environments. The device supports Universal Plug and Play (UPnP) functionality on the Ethernet side while simultaneously acting as a UART Serial device capable of handling up to seven concurrent Bluetooth connections.

Q: How can organizations protect BT-AP 111 devices from CVE-2025-9994?

Organizations must rely on network-level security isolation to protect deployed BT-AP 111 devices. Network administrators should implement VLAN segmentation to create isolated network segments specifically for BT-AP 111 devices and restrict HTTP port access to authorized personnel only.

Q: Should organizations replace their BT-AP 111 devices?

Yes, until Amp'ed RF releases firmware updates that implement proper authentication and authorization controls, organizations operating in security-sensitive environments should strongly consider replacing BT-AP 111 devices with alternative Bluetooth access point solutions that provide adequate security controls.

published: Sept. 11, 2025

Take action: If you have Amp'ed RF BT-AP 111 Bluetooth Access Points, make sure they are isolated on a separate VLAN since they have no authentication protection on their admin interface, and there is no vendor patch. Consider replacing these devices entirely.

Learn More

Security researchers have identified a critical vulnerability in the Amp'ed RF BT-AP 111 Bluetooth Access Point that exposes its HTTP-based administrative interface without any authentication controls.

The Amp'ed RF BT-AP 111 serves as a Bluetooth-to-Ethernet bridge device designed to function as either an access point or Bluetooth gateway in enterprise environments. The device supports Universal Plug and Play (UPnP) functionality on the Ethernet side while simultaneously acting as a UART Serial device capable of handling up to seven concurrent Bluetooth connections

The vulnerability is tracked as CVE-2025-9994 (CVSS score 9.8), is a complete absence of authentication mechanisms. Any user who can reach the device's HTTP port through network access can immediately view and modify all administrative settings without providing any form of identity verification.

CERT/CC researchers have attempted to contact Amp'ed RF regarding this vulnerability but have not received any response from the vendor.

Given the absence of vendor-provided security updates and the no possibility of implementing authentication controls, organizations must rely on network-level security isolation to protect deployed BT-AP 111 devices.

Network administrators should implement VLAN segmentation to create isolated network segments specifically for BT-AP 111 devices. Until Amp'ed RF releases firmware updates that implement proper authentication and authorization controls, organizations operating in security-sensitive environments should strongly consider replacing BT-AP 111 devices with alternative Bluetooth access point solutions that provide adequate security controls.

Critical authentication bypass flaw reported in Amp'ed RF BT-AP 111 Bluetooth access point

Read More
Multiple critical vulnerabilities reported in Festo industrial controllers
Multiple vulnerabilities in Siemens User Management Component affect …
Johnson Controls reports critical vulnerability in ICU tool
Team82 Researchers report multiple flaws in Axis Communications …
Multiple Vulnerabilities Reported in EVMAPA Electric Vehicle Charging …