CVE-2024-2105
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2024-2105, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: CERT VDE

Description

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-07-07
AI Q&A
2025-12-10
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
harman jbl_boombox_3 *
harman jbl_flip_6 *
harman jbl_boombox_2 *
harman jbl_pulse_5 *
harman jbl_xtreme_3 *
harman jbl_flip_5 *
harman jbl_pulse_4 *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can cause affected JBL devices to crash or become unresponsive, halting music playback and disconnecting existing Bluetooth connections. Recovery requires a manual reboot by the user, as automatic reconnection is not possible. This leads to a denial of service and disruption of normal device usage. [1, 2]

Mitigation Strategies

Since no remediation or software fix is available for this vulnerability, the immediate mitigation step is to manually reboot the affected device if it crashes or enters a deadlock state due to an attack. Users should be aware that automatic reconnection is not possible after exploitation, so manual intervention is required to restore functionality. Additionally, limiting Bluetooth exposure or disabling Bluetooth when not in use may reduce the risk of exploitation. [1, 2]

Executive Summary

CVE-2024-2105 is a vulnerability in the Bluetooth Low Energy (BLE) controller of several JBL devices. It occurs due to improper validation of the channel map field in BLE connection requests. An unauthorized attacker within Bluetooth range can send a specially crafted invalid connection request packet that causes the affected device to crash or enter a deadlock state, resulting in a denial of service. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-2105. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart