diff --git a/src/classic/avrcp_target.c b/src/classic/avrcp_target.c
index 22cfaff56..2fa88795d 100644
--- a/src/classic/avrcp_target.c
+++ b/src/classic/avrcp_target.c
@@ -1170,12 +1170,16 @@ static void avrcp_handle_l2cap_data_packet_for_signaling_connection(avrcp_connec
 
                     connection->target_scope = packet[pos++];
                     if (connection->target_scope >= AVRCP_BROWSING_RFU){
-                        avrcp_target_vendor_dependent_response_accept(connection, pdu_id, AVRCP_STATUS_INVALID_PARAMETER);
+                        avrcp_target_response_vendor_dependent_reject(connection, pdu_id, AVRCP_STATUS_INVALID_PARAMETER);
                         return;
                     }
                     memcpy(connection->target_track_id, &packet[pos], 8);
                     pos += 8;
-                    connection->target_uid_counter = big_endian_read_16(packet,pos);
+                    uid_counter = big_endian_read_16(packet,pos);
+                    if (connection->target_uid_counter != uid_counter){
+                        avrcp_target_response_vendor_dependent_reject(connection, pdu_id, AVRCP_STATUS_PARAMETER_CONTENT_ERROR);
+                        return;
+                    }
                     connection->state = AVCTP_W2_CHECK_DATABASE;
                     avrcp_target_emit_respond_play_item(avrcp_target_context.avrcp_callback, connection->avrcp_cid, connection->target_uid_counter, connection->target_scope,connection->target_track_id);
                     break;