CVE-2024-2105
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: CERT VDE

Description
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2024-2105
EUVD
EUVD-2024-27069
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
harman jbl_boombox_3 *
harman jbl_flip_6 *
harman jbl_boombox_2 *
harman jbl_pulse_5 *
harman jbl_xtreme_3 *
harman jbl_flip_5 *
harman jbl_pulse_4 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can cause affected JBL devices to crash or become unresponsive, halting music playback and disconnecting existing Bluetooth connections. Recovery requires a manual reboot by the user, as automatic reconnection is not possible. This leads to a denial of service and disruption of normal device usage. [1, 2]

Executive Summary

CVE-2024-2105 is a vulnerability in the Bluetooth Low Energy (BLE) controller of several JBL devices. It occurs due to improper validation of the channel map field in BLE connection requests. An unauthorized attacker within Bluetooth range can send a specially crafted invalid connection request packet that causes the affected device to crash or enter a deadlock state, resulting in a denial of service. [1, 2]

Mitigation Strategies

Since no remediation or software fix is available for this vulnerability, the immediate mitigation step is to manually reboot the affected device if it crashes or enters a deadlock state due to an attack. Users should be aware that automatic reconnection is not possible after exploitation, so manual intervention is required to restore functionality. Additionally, limiting Bluetooth exposure or disabling Bluetooth when not in use may reduce the risk of exploitation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-2105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart