Security Advisory-KNOB Atack Vulnerability

Title Security Advisory-KNOB Atack Vulnerability
Release Date 2/10/2026
Abstract The Bluetooth BR/EDR specification up to and including  version 5.1 permits sufficiently low encryption key length  and does not prevent an attacker from influencing the key  length negotiation. This allows practical brute-force attacks  (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. 
CVE ID CVE-2019-9506
Affected Product SONOFF NSPanel Pro Smart Home Control Panel-120 Type
Affected Version: v4.2.3 and before
Impact An unauthenticated, adjacent attacker can force two Bluetooth devices to use as low as 1 byte of entropy. This would make it easier for an attacker to brute force as it reduces the total number of possible keys to try, and would give them the ability to decrypt all of the traffic between the devices during that session.
Technical Details The atacker intercepts the LMP encrypton key negotaton.
The exploit sends an LMP_encrypton_key_size_req = 0x01.
The NSPanel Pro device responds with LMP Accept, acceptng a 1-byte encrypton key.
The connecton completes with downgraded encrypton.The devicedoes not enforceminimum 7–16 byte encrypton keys, making it susceptble to KNOB.
The resultng 8-bit key is brute-forced instantly, allowing full trafc decrypton.
Resolution Upgrade to firmware v4.4.0  and above