PatchSiren cyber security CVE debrief
CVE-2024-34268 EQ-3 CVE debrief
The CVE record indicates that EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to version 1.46 allows unsecured Bluetooth connections. This vulnerability, with a CVSS score of 7.1, could allow attackers to gain full access to the device without authentication. Organizations and individuals using EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostats should assess their exposure and take necessary actions to secure their devices. The vulnerability class is related to insecure Bluetooth connections, which could have a significant operational impact if exploited.
- Vendor
- EQ-3
- Product
- Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Organizations and individuals using EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostats should assess their exposure and take necessary actions to secure their devices. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and implement measures to prevent exploitation of this vulnerability.
Technical summary
CVE-2024-34268 is a vulnerability in EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to version 1.46. The vulnerability allows unsecured Bluetooth connections, potentially enabling attackers to gain unauthorized access to the device. The CVSS score for this vulnerability is 7.1, indicating a high severity level. This vulnerability is related to the device's Bluetooth connectivity and does not require authentication for exploitation.
Defensive priority
High priority should be given to updating or patching EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware to a version that addresses this vulnerability.
Recommended defensive actions
- Inventory and assess EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat devices for exposure
- Apply firmware updates or patches if available
- Implement secure Bluetooth connection practices
- Monitor device activity for suspicious behavior
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record and NVD detail provide information on this vulnerability. However, further investigation is needed to fully understand the scope and potential impact. The EQ-3 Eqiva CC-RT-BLE Bluetooth Smart Radiator Thermostat Firmware up to version 1.46 allows unsecured Bluetooth connections, potentially enabling attackers to gain unauthorized access to the device. Organizations should verify their exposure and review available patches or updates. Defensive measures include monitoring device activity for suspicious behavior and implementing secure Bluetooth connection practices.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T21:17:18.890Z and has not been modified since then.