Improper Bluetooth Security in Harman Mobile Device Management
CVE-2024-2104

8.8HIGH

Key Information:

Vendor: Jbl
Status: Live Pro 2 Tws; Tune Flex
Vendor: CVE Published:; 10 December 2025

What is CVE-2024-2104?

This vulnerability arises from inadequate security configurations on the Bluetooth Low Energy (BLE) GATT server of Harman's mobile device management system. An unauthenticated attacker, positioned within the vicinity of the device, can exploit this flaw to gain unauthorized read and write access to device control commands via the mobile app service, potentially leading to device malfunction or unintended behavior.

Affected Version(s)

LIVE PRO 2 TWS *

TUNE FLEX *

References

https://harman.csaf-tp.certvde.com/.well-known/csaf/white...

vendor-advisory

https://certvde.com/en/advisories/VDE-2024-076

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Mar 1, 2024

Credit

Mattar Bernhard from Hummus Sec

JSON

Jbl

What is CVE-2024-2104?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit