Security Advisory-KNOB Atack Vulnerability
| Title | Security Advisory-KNOB Atack Vulnerability |
| Release Date | 2/10/2026 |
| Abstract | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
| CVE ID | CVE-2019-9506 |
| Affected Product | SONOFF NSPanel Pro Smart Home Control Panel-120 Type |
| Affected Version: | v4.2.3 and before |
| Impact | An unauthenticated, adjacent attacker can force two Bluetooth devices to use as low as 1 byte of entropy. This would make it easier for an attacker to brute force as it reduces the total number of possible keys to try, and would give them the ability to decrypt all of the traffic between the devices during that session. |
| Technical Details | The atacker intercepts the LMP encrypton key negotaton. The exploit sends an LMP_encrypton_key_size_req = 0x01. The NSPanel Pro device responds with LMP Accept, acceptng a 1-byte encrypton key. The connecton completes with downgraded encrypton.The devicedoes not enforceminimum 7–16 byte encrypton keys, making it susceptble to KNOB. The resultng 8-bit key is brute-forced instantly, allowing full trafc decrypton. |
| Resolution | Upgrade to firmware v4.4.0 and above |
















































