Search criteria
2 vulnerabilities found for Boombox 3 by JBL
CVE-2024-2105 (GCVE-0-2024-2105)
Vulnerability from nvd – Published: 2025-12-10 13:01 – Updated: 2025-12-10 15:49
VLAI?
Title
JBL: Improper validation of ICM field in connection requests
Summary
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
Severity ?
6.5 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Mattar Bernhard from Hummus Sec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:49:43.543497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:49:54.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flip 5",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Flip 6",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pulse 4",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pulse 5",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boombox 2",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boombox 3",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xtreme 3",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mattar Bernhard from Hummus Sec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
}
],
"value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T13:01:54.421Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
},
{
"url": "https://certvde.com/en/advisories/VDE-2025-089"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JBL: Improper validation of ICM field in connection requests",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-2105",
"datePublished": "2025-12-10T13:01:54.421Z",
"dateReserved": "2024-03-01T16:45:43.784Z",
"dateUpdated": "2025-12-10T15:49:54.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-2105 (GCVE-0-2024-2105)
Vulnerability from cvelistv5 – Published: 2025-12-10 13:01 – Updated: 2025-12-10 15:49
VLAI?
Title
JBL: Improper validation of ICM field in connection requests
Summary
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
Severity ?
6.5 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Mattar Bernhard from Hummus Sec
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T15:49:43.543497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T15:49:54.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flip 5",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Flip 6",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pulse 4",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Pulse 5",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boombox 2",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boombox 3",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Xtreme 3",
"vendor": "JBL",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mattar Bernhard from Hummus Sec"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
}
],
"value": "An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T13:01:54.421Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0002.json"
},
{
"url": "https://certvde.com/en/advisories/VDE-2025-089"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "JBL: Improper validation of ICM field in connection requests",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-2105",
"datePublished": "2025-12-10T13:01:54.421Z",
"dateReserved": "2024-03-01T16:45:43.784Z",
"dateUpdated": "2025-12-10T15:49:54.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}