HBSA-2025-0001
Vulnerability from csaf_harmaninternational - Published: 2025-12-10 07:00 - Updated: 2025-12-10 07:00Summary
BLE GATT Service Vulnerability in JBL Headphones
Notes
Summary: Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.
Impact: The vulnerabilities in headphones allow attackers to control settings, eavesdrop on data exchanges, and tamper with the device by sending altered firmware updates, potentially leading to unauthorized code execution or rendering the device unusable.
Mitigation: There is no known mitigation at this moment.
Remediation: There is no known remediation at this moment.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
JBL LIVE PRO 2 TWS
JBL
|
500363881150500363880540500363881220500363880610500363880470500363880920500363880850500363880780500363926170500363881080500363880230500363926310500363881390500363880300500363926240500363926486925281997105692528199702012001300014516925281997044692528199711269252819970516925281997037692528199708269252819970751200130006340692528199706869252819970446925281997099692528199701369252819971296925281997020692528199701349689292149694968929214952496892921496949689292149384968929214945
|
— |
No Fix Planned
|
|
JBL TUNE FLEX
JBL
|
050036390026050036390361050036390323050036390019500363937440500363900020500363903300500363937370500363903920500363970180500363903470500363900330500363903780500363903850500363900400500363903540500363970250500363937200500363900570500363970016925281930591692528193425469252819336396925281957994692528195794969252819305846925281929298692528193461212001300032576925281934285120013000325769252819346296925281930607692528193426169252819342786925281958007692528193104869252819342471200130003264120013000324069252819312391200130003240496892921723649689292172434968929217250
|
— |
No Fix Planned
|
References
3 references
Acknowledgments
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordinating",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Mattar Bernhard"
],
"organization": "Hummus Sec",
"summary": "reporting"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Due to improper BLE security configurations and lack of authentication on the GATT server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX Headphones, unauthenticated users can read and write device control commands through the mobile app service.",
"title": "Summary"
},
{
"category": "description",
"text": "The vulnerabilities in headphones allow attackers to control settings, eavesdrop on data exchanges, and tamper with the device by sending altered firmware updates, potentially leading to unauthorized code execution or rendering the device unusable.",
"title": "Impact"
},
{
"category": "description",
"text": "There is no known mitigation at this moment.",
"title": "Mitigation"
},
{
"category": "description",
"text": "There is no known remediation at this moment.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productsecurity@harman.com",
"name": "Harman International",
"namespace": "https://www.harman.com"
},
"references": [
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Harman",
"url": "https://certvde.com/en/advisories/vendor/harmann/"
},
{
"category": "self",
"summary": "HBSA-2025-0001: BLE GATT Service Vulnerability in JBL Headphones - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-076"
},
{
"category": "self",
"summary": "HBSA-2025-0001: BLE GATT Service Vulnerability in JBL Headphones - CSAF",
"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json"
}
],
"title": "BLE GATT Service Vulnerability in JBL Headphones",
"tracking": {
"aliases": [
"VDE-2024-076"
],
"current_release_date": "2025-12-10T07:00:00.000Z",
"generator": {
"date": "2025-12-08T13:40:27.413Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.41"
}
},
"id": "HBSA-2025-0001",
"initial_release_date": "2025-12-10T07:00:00.000Z",
"revision_history": [
{
"date": "2025-12-10T07:00:00.000Z",
"number": "1.0.0",
"summary": "Initial version"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "LIVE PRO 2 TWS",
"product": {
"name": "JBL LIVE PRO 2 TWS",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"50036388115",
"050036388054",
"050036388122",
"050036388061",
"050036388047",
"050036388092",
"050036388085",
"050036388078",
"050036392617",
"050036388108",
"050036388023",
"050036392631",
"050036388139",
"050036388030",
"050036392624",
"050036392648",
"6925281997105",
"6925281997020",
"1200130001451",
"6925281997044",
"6925281997112",
"6925281997051",
"6925281997037",
"6925281997082",
"6925281997075",
"1200130006340",
"6925281997068",
"6925281997044",
"6925281997099",
"6925281997013",
"6925281997129",
"6925281997020",
"6925281997013",
"4968929214969",
"4968929214952",
"4968929214969",
"4968929214938",
"4968929214945"
]
}
}
},
{
"category": "product_name",
"name": "TUNE FLEX",
"product": {
"name": "JBL TUNE FLEX",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"skus": [
"050036390026",
"050036390361",
"050036390323",
"050036390019",
"50036393744",
"050036390002",
"050036390330",
"050036393737",
"050036390392",
"050036397018",
"050036390347",
"050036390033",
"050036390378",
"050036390385",
"050036390040",
"050036390354",
"050036397025",
"050036393720",
"050036390057",
"050036397001",
"6925281930591",
"6925281934254",
"6925281933639",
"6925281957994",
"6925281957949",
"6925281930584",
"6925281929298",
"6925281934612",
"1200130003257",
"6925281934285",
"1200130003257",
"6925281934629",
"6925281930607",
"6925281934261",
"6925281934278",
"6925281958007",
"6925281931048",
"6925281934247",
"1200130003264",
"1200130003240",
"6925281931239",
"1200130003240",
"4968929217236",
"4968929217243",
"4968929217250"
]
}
}
}
],
"category": "vendor",
"name": "JBL"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"summary": "Affected products."
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Mattar Bernhard"
],
"organization": "Hummus Sec",
"summary": "reporting"
}
],
"cve": "CVE-2024-2104",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"discovery_date": "2023-08-10T10:00:00.000Z",
"notes": [
{
"audience": "all",
"category": "general",
"text": "Due to improper BLE security configurations on the device\u0027s GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable. ",
"title": "Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"release_date": "2024-03-01T11:00:00.000Z",
"remediations": [
{
"category": "no_fix_planned",
"date": "2025-07-01T10:00:00.000Z",
"details": "No fix available",
"group_ids": [
"CSAFGID-0001"
],
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "JBL: Improper BLE security configurations and lack of authentication on the device\u0027s GATT server"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…