HBSA-2025-0001

Vulnerability from csaf_harmaninternational - Published: 2025-12-10 07:00 - Updated: 2025-12-10 07:00
Summary
BLE GATT Service Vulnerability in JBL Headphones
Notes
Summary: Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
Impact: The vulnerabilities in headphones allow attackers to control settings, eavesdrop on data exchanges, and tamper with the device by sending altered firmware updates, potentially leading to unauthorized code execution or rendering the device unusable.
Mitigation: There is no known mitigation at this moment.
Remediation: There is no known remediation at this moment.
CWE-306 - Missing Authentication for Critical Function
Affected products
Product Identifier Version Remediation
JBL LIVE PRO 2 TWS
JBL
500363881150500363880540500363881220500363880610500363880470500363880920500363880850500363880780500363926170500363881080500363880230500363926310500363881390500363880300500363926240500363926486925281997105692528199702012001300014516925281997044692528199711269252819970516925281997037692528199708269252819970751200130006340692528199706869252819970446925281997099692528199701369252819971296925281997020692528199701349689292149694968929214952496892921496949689292149384968929214945
No Fix Planned
JBL TUNE FLEX
JBL
050036390026050036390361050036390323050036390019500363937440500363900020500363903300500363937370500363903920500363970180500363903470500363900330500363903780500363903850500363900400500363903540500363970250500363937200500363900570500363970016925281930591692528193425469252819336396925281957994692528195794969252819305846925281929298692528193461212001300032576925281934285120013000325769252819346296925281930607692528193426169252819342786925281958007692528193104869252819342471200130003264120013000324069252819312391200130003240496892921723649689292172434968929217250
No Fix Planned
Acknowledgments
CERT@VDE certvde.com
Hummus Sec Mattar Bernhard
Hummus Sec Mattar Bernhard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordinating",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Mattar Bernhard"
        ],
        "organization": "Hummus Sec",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The vulnerabilities in headphones allow attackers to control settings, eavesdrop on data exchanges, and tamper with the device by sending altered firmware updates, potentially leading to unauthorized code execution or rendering the device unusable.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "There is no known mitigation at this moment.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "There is no known remediation at this moment.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productsecurity@harman.com",
      "name": "Harman International",
      "namespace": "https://www.harman.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Harman",
        "url": "https://certvde.com/en/advisories/vendor/harmann/"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0001: BLE GATT Service Vulnerability in JBL Headphones - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-076"
      },
      {
        "category": "self",
        "summary": "HBSA-2025-0001: BLE GATT Service Vulnerability in JBL Headphones - CSAF",
        "url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json"
      }
    ],
    "title": "BLE GATT Service Vulnerability in JBL Headphones",
    "tracking": {
      "aliases": [
        "VDE-2024-076"
      ],
      "current_release_date": "2025-12-10T07:00:00.000Z",
      "generator": {
        "date": "2025-12-08T13:40:27.413Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.41"
        }
      },
      "id": "HBSA-2025-0001",
      "initial_release_date": "2025-12-10T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-12-10T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "LIVE PRO 2 TWS",
            "product": {
              "name": "JBL LIVE PRO 2 TWS",
              "product_id": "CSAFPID-0001",
              "product_identification_helper": {
                "skus": [
                  "50036388115",
                  "050036388054",
                  "050036388122",
                  "050036388061",
                  "050036388047",
                  "050036388092",
                  "050036388085",
                  "050036388078",
                  "050036392617",
                  "050036388108",
                  "050036388023",
                  "050036392631",
                  "050036388139",
                  "050036388030",
                  "050036392624",
                  "050036392648",
                  "6925281997105",
                  "6925281997020",
                  "1200130001451",
                  "6925281997044",
                  "6925281997112",
                  "6925281997051",
                  "6925281997037",
                  "6925281997082",
                  "6925281997075",
                  "1200130006340",
                  "6925281997068",
                  "6925281997044",
                  "6925281997099",
                  "6925281997013",
                  "6925281997129",
                  "6925281997020",
                  "6925281997013",
                  "4968929214969",
                  "4968929214952",
                  "4968929214969",
                  "4968929214938",
                  "4968929214945"
                ]
              }
            }
          },
          {
            "category": "product_name",
            "name": "TUNE FLEX",
            "product": {
              "name": "JBL TUNE FLEX",
              "product_id": "CSAFPID-0002",
              "product_identification_helper": {
                "skus": [
                  "050036390026",
                  "050036390361",
                  "050036390323",
                  "050036390019",
                  "50036393744",
                  "050036390002",
                  "050036390330",
                  "050036393737",
                  "050036390392",
                  "050036397018",
                  "050036390347",
                  "050036390033",
                  "050036390378",
                  "050036390385",
                  "050036390040",
                  "050036390354",
                  "050036397025",
                  "050036393720",
                  "050036390057",
                  "050036397001",
                  "6925281930591",
                  "6925281934254",
                  "6925281933639",
                  "6925281957994",
                  "6925281957949",
                  "6925281930584",
                  "6925281929298",
                  "6925281934612",
                  "1200130003257",
                  "6925281934285",
                  "1200130003257",
                  "6925281934629",
                  "6925281930607",
                  "6925281934261",
                  "6925281934278",
                  "6925281958007",
                  "6925281931048",
                  "6925281934247",
                  "1200130003264",
                  "1200130003240",
                  "6925281931239",
                  "1200130003240",
                  "4968929217236",
                  "4968929217243",
                  "4968929217250"
                ]
              }
            }
          }
        ],
        "category": "vendor",
        "name": "JBL"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Mattar Bernhard"
          ],
          "organization": "Hummus Sec",
          "summary": "reporting"
        }
      ],
      "cve": "CVE-2024-2104",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2023-08-10T10:00:00.000Z",
      "notes": [
        {
          "audience": "all",
          "category": "general",
          "text": "Due to improper BLE security configurations on the device\u0027s GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable. ",
          "title": "Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "release_date": "2024-03-01T11:00:00.000Z",
      "remediations": [
        {
          "category": "no_fix_planned",
          "date": "2025-07-01T10:00:00.000Z",
          "details": "No fix available",
          "group_ids": [
            "CSAFGID-0001"
          ],
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "JBL: Improper BLE security configurations and lack of authentication on the device\u0027s GATT server"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…