Diff between 4548e3a6b21bbc185dd8284e128751ce87d108ae and 4edfc65cc08bbc0d56d6bdcd458d978ca9057323

Changed Files

File Additions Deletions Status
lib/mgmt.h +2 -2 modified
mgmt/main.c +14 -7 modified
plugins/mgmtops.c +13 -6 modified

Full Patch

diff --git a/lib/mgmt.h b/lib/mgmt.h
index fa684e8..5414ea6 100644
--- a/lib/mgmt.h
+++ b/lib/mgmt.h
@@ -357,10 +357,10 @@ struct mgmt_ev_auth_failed {
 #define MGMT_EV_DEVICE_FOUND		0x0011
 struct mgmt_ev_device_found {
 	struct mgmt_addr_info addr;
-	uint8_t dev_class[3];
 	int8_t rssi;
 	uint8_t confirm_name;
-	uint8_t eir[HCI_MAX_EIR_LENGTH];
+	uint16_t eir_len;
+	uint8_t eir[0];
 } __packed;
 
 #define MGMT_EV_DISCOVERING		0x0012
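Review bot: The new `eir_len` field in `struct mgmt_ev_device_found` has no comment stating its byte order or that it counts the `eir` bytes trailing the fixed part of the event, yet both consumers in this commit depend on that to validate the message length. I would add `/* eir_len: little-endian count of eir[] bytes following this header */` above the field. As a style point, `uint8_t eir[0];` is the GNU zero-length-array form; the C99 flexible array member `uint8_t eir[];` gives the same layout in this packed struct, if the project's supported compilers allow it.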
diff --git a/mgmt/main.c b/mgmt/main.c
index d13d19f..096a8a4 100644
--- a/mgmt/main.c
+++ b/mgmt/main.c
@@ -547,21 +547,28 @@ static void confirm_name_rsp(int mgmt_sk, uint16_t op, uint16_t id,
 static int mgmt_device_found(int mgmt_sk, uint16_t index,
 				struct mgmt_ev_device_found *ev, uint16_t len)
 {
-	if (len != sizeof(*ev)) {
+	uint16_t eir_len;
+
+	if (len < sizeof(*ev)) {
 		fprintf(stderr,
-			"Invalid device_found event length (%u bytes)\n", len);
+			"Too short device_found length (%u bytes)\n", len);
+		return -EINVAL;
+	}
+
+	eir_len = bt_get_le16(&ev->eir_len);
+	if (len != sizeof(*ev) + eir_len) {
+		fprintf(stderr, "dev_found: expected %zu bytes, got %zu bytes",
+						sizeof(*ev) + eir_len, len);
 		return -EINVAL;
 	}
 
 	if (monitor || discovery) {
 		char addr[18];
 		ba2str(&ev->addr.bdaddr, addr);
-		printf("hci%u dev_found: %s type %s class 0x%02x%02x%02x "
-			"rssi %d confirm_name %u eir (%s)\n", index, addr,
+		printf("hci%u dev_found: %s type %s rssi %d "
+			"confirm_name %u eir_len %u\n", index, addr,
 			typestr(ev->addr.type),
-			ev->dev_class[2], ev->dev_class[1], ev->dev_class[0],
-			ev->rssi, ev->confirm_name,
-			ev->eir[0] == 0 ? "no" : "yes");
+			ev->rssi, ev->confirm_name, eir_len);
 	}
 
 	if (discovery && ev->confirm_name) {
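Review bot: The new length-mismatch message in `mgmt_device_found` prints `len` with `%zu`, but `len` is a `uint16_t` that is promoted to `int` in the variadic call, so the conversion does not match its argument. The message also lacks the trailing newline that the "Too short" message above it has. I would change the format line to `fprintf(stderr, "dev_found: expected %zu bytes, got %u bytes\n",` and leave the arguments as they are. The function body continues past the end of this hunk.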
diff --git a/plugins/mgmtops.c b/plugins/mgmtops.c
index c931985..e7e9d5e 100644
--- a/plugins/mgmtops.c
+++ b/plugins/mgmtops.c
@@ -1276,11 +1276,18 @@ static void mgmt_device_found(int sk, uint16_t index, void *buf, size_t len)
 	struct mgmt_ev_device_found *ev = buf;
 	struct controller_info *info;
 	char addr[18];
+	uint16_t eir_len;
 	uint8_t *eir;
 
-	if (len != sizeof(*ev)) {
+	if (len < sizeof(*ev)) {
+		error("mgmt_device_found too short (%zu bytes)", len);
+		return;
+	}
+
+	eir_len = bt_get_le16(&ev->eir_len);
+	if (len != sizeof(*ev) + eir_len) {
 		error("mgmt_device_found length %zu instead of expected %zu",
-							len, sizeof(*ev));
+						len, sizeof(*ev) + eir_len);
 		return;
 	}
 
@@ -1291,19 +1298,19 @@ static void mgmt_device_found(int sk, uint16_t index, void *buf, size_t len)
 
 	info = &controllers[index];
 
-	if (ev->eir[0] == 0)
+	if (eir_len == 0)
 		eir = NULL;
 	else
 		eir = ev->eir;
 
 	ba2str(&ev->addr.bdaddr, addr);
-	DBG("hci%u addr %s, rssi %d cfm_name %u %s", index, addr, ev->rssi,
-					ev->confirm_name, eir ? "eir" : "");
+	DBG("hci%u addr %s, rssi %d cfm_name %u eir_len %u", index, addr, ev->rssi,
+					ev->confirm_name, eir_len);
 
 	btd_event_device_found(&info->bdaddr, &ev->addr.bdaddr,
 						mgmt_addr_type(ev->addr.type),
 						ev->rssi, ev->confirm_name,
-						eir, HCI_MAX_EIR_LENGTH);
+						eir, eir_len);
 }
 
 static void mgmt_discovering(int sk, uint16_t index, void *buf, size_t len)
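Review bot: The `eir_len` now passed to `btd_event_device_found` is limited only by its 16-bit width, whereas the callee previously always received `HCI_MAX_EIR_LENGTH`. The check in the preceding hunk confirms that `eir_len` agrees with the received `len` but sets no ceiling. If anything reached from `btd_event_device_found` parses or copies EIR into storage sized for `HCI_MAX_EIR_LENGTH` (not visible here), a longer event would run past it. Either confirm those paths honour the passed length, or, if the protocol guarantees that limit, reject oversized events before the call with `if (eir_len > HCI_MAX_EIR_LENGTH) { error("mgmt_device_found eir_len %u too large", eir_len); return; }`. The function begins in the preceding hunk.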