CVE-2024-2104 HIGH

CVE-2024-2104: JBL: Improper BLE security configurations and lack of authentication on the device's GATT server

Vendor JBL
Product LIVE PRO 2 TWS
Weakness CWE-306 · Missing auth
Published December 10, 2025
Last update December 10, 2025

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service, which could render the device unusable.

Key dates

02 Disclosure timeline

December 10, 2025 CVE published
December 10, 2025 Record updated