CVE-2024-2104

JBL: Improper BLE security configurations and lack of authentication on the device's GATT server

CVSS 8.8 HIGHEPSS 0.2%CWE-306

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

JBL · LIVE PRO 2 TWS JBL · TUNE FLEX

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://certvde.com/en/advisories/VDE-2024-076 https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json