{"id":59699,"date":"2025-07-28T06:39:22","date_gmt":"2025-07-28T06:39:22","guid":{"rendered":""},"modified":"2025-09-29T02:50:46","modified_gmt":"2025-09-29T08:50:46","slug":"cve-2024-11857-critical-link-following-vulnerability-in-realtek-bluetooth-hci-adaptor","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2024-11857-critical-link-following-vulnerability-in-realtek-bluetooth-hci-adaptor\/","title":{"rendered":"<strong>CVE-2024-11857: Critical Link Following Vulnerability in Realtek Bluetooth HCI Adaptor<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The vulnerability identified with CVE-2024-11857 is a critical flaw found in the Bluetooth HCI Adaptor produced by Realtek. It exposes systems to a Link Following vulnerability, which local threat actors could capitalize on to potentially manipulate files and escalate privileges. Given the widespread use of Realtek&#8217;s Bluetooth HCI Adaptor, this vulnerability could be exploited against a broad spectrum of targets, affecting individual <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-44955-critical-vulnerability-in-ruckus-network-director-allows-jail-users-to-gain-root-access\/\"  data-wpil-monitor-id=\"76012\">users and corporate networks<\/a> alike. 
The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47998-severe-heap-based-buffer-overflow-vulnerability-in-windows-routing-and-remote-access-service\/\"  data-wpil-monitor-id=\"68534\">severity of this vulnerability<\/a> underscores the necessity of immediate action to mitigate potential damage.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2024-11857<br \/>\nSeverity: High (7.8 CVSS Score)<br \/>\nAttack Vector: Local<br \/>\nPrivileges Required: User<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-40738-critical-arbitrary-file-write-vulnerability-in-sinec-nms\/\"  data-wpil-monitor-id=\"66560\">Arbitrary file<\/a> deletion, potential system compromise, and data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<p>Product | Affected Versions<\/p>\n<p>Realtek Bluetooth HCI Adaptor | All Versions<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>An attacker with regular user privileges can exploit this vulnerability by creating a symbolic <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-49416-critical-php-remote-file-inclusion-vulnerability-in-fastw3b-llc-fw-gallery\/\"  data-wpil-monitor-id=\"66096\">link<\/a> with the same name as a specific file in the system. This causes the system to delete <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7443-critical-arbitrary-file-upload-vulnerability-in-berqwp-wordpress-plugin\/\"  data-wpil-monitor-id=\"69029\">arbitrary files<\/a> pointed to by the link. 
Following this, the attacker can leverage the arbitrary file deletion to escalate their privileges within the system, potentially <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7793-critical-vulnerability-in-tenda-fh451-leading-to-system-compromise\/\"  data-wpil-monitor-id=\"68533\">leading to system<\/a> compromise or leakage of sensitive data.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Consider the following conceptual command-line interface (CLI) example, which demonstrates how an attacker could <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-7419-critical-vulnerability-discovered-in-tenda-o3v2-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"69030\">potentially exploit this vulnerability<\/a>:<\/p>\n<pre><code class=\"\" data-line=\"\"># Attacker creates a symbolic link to a critical system file\nln -s \/etc\/passwd .\/vulnerable_file\n# When the system interacts with the &#039;vulnerable_file&#039;, it&#039;s in fact interacting with the \/etc\/passwd file\nrm .\/vulnerable_file<\/code><\/pre>\n<p>In this example, the attacker has created a symbolic link to a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-41668-critical-file-replacement-leading-to-unauthorized-access\/\"  data-wpil-monitor-id=\"66302\">critical system file<\/a> (&#8216;\/etc\/passwd&#8217;). 
When the system attempts to delete the &#8216;vulnerable_file&#8217;, it will actually delete the &#8216;\/etc\/passwd&#8217; file, potentially disrupting <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-50067-critical-vulnerability-in-oracle-application-express-allowing-system-takeover\/\"  data-wpil-monitor-id=\"68535\">system operations and allowing<\/a> the attacker to escalate their privileges.<\/p>\n<p><strong>Recommended Mitigation<\/strong><\/p>\n<p>Users are advised to apply the vendor-provided patch as soon as <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-54742-data-deserialization-vulnerability-in-wpevently-leading-to-possible-system-compromise\/\"  data-wpil-monitor-id=\"86501\">possible to mitigate this vulnerability<\/a>. In cases where immediate patching is not feasible, implementing Web Application Firewall (WAF) or Intrusion Detection Systems (IDS) can provide temporary mitigation. These systems can monitor for suspicious activities and block malicious traffic, preventing exploitation of this vulnerability. However, these should be considered temporary solutions, and the vendor patch should be applied as soon as practicable.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The vulnerability identified with CVE-2024-11857 is a critical flaw found in the Bluetooth HCI Adaptor produced by Realtek. It exposes systems to a Link Following vulnerability, which local threat actors could capitalize on to potentially manipulate files and escalate privileges. 
Given the widespread use of Realtek&#8217;s Bluetooth HCI Adaptor, this vulnerability could be exploited [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-59699","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59699","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=59699"}],"version-history":[{"count":7,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59699\/revisions"}],"predecessor-version":[{"id":79287,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/59699\/revisions\/79287"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=59699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=59699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=59699"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=59699"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=59699"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/a
ttack_vector?post=59699"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=59699"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=59699"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=59699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}