CVE-2024-2104
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: CERT VDE

Description
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service, which could render the device unusable.
Meta Information

Published: 2025-12-10

Last Modified: 2025-12-10

Generated: 2026-06-16

AI Q&A: 2025-12-10

EPSS Evaluated: 2026-06-14

Affected Vendors & Products

Showing 2 associated CPEs

Vendor | Product | Version / Range
harman_international | jbl_tune_flex | *
harman_international | jbl_live_pro_2_tws | *

CWE ID | Description
CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Executive Summary

CVE-2024-2104 is a critical vulnerability in the Bluetooth Low Energy (BLE) Generic Attribute Profile (GATT) server of JBL LIVE PRO 2 TWS and JBL TUNE FLEX headphones. Due to improper BLE security configurations and lack of authentication on the GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service. This allows attackers to manipulate device settings, eavesdrop on data exchanges, and potentially send altered firmware updates, which could lead to unauthorized code execution or render the device unusable. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing an adjacent attacker to gain unauthorized control over your device settings, eavesdrop on your data exchanges, and send altered firmware updates. These actions can lead to unauthorized code execution on your device or make the device unusable, severely affecting confidentiality, integrity, and availability of the device. [1, 2]

Mitigation Strategies

Currently, there are no known mitigations or remediations available for this vulnerability. The vendor has indicated no fix is planned as of the latest update. Therefore, no immediate mitigation steps can be recommended based on the available information. [1, 2]
