Improper Bluetooth Security in Harman Mobile Device Management
CVE-2024-2104

8.8HIGH

Key Information:

Vendor: Jbl
Status: Live Pro 2 Tws; Tune Flex
Vendor: CVE Published:; 10 December 2025

What is CVE-2024-2104?

This vulnerability arises from inadequate security configurations on the Bluetooth Low Energy (BLE) GATT server of Harman's mobile device management system. An unauthenticated attacker, positioned within the vicinity of the device, can exploit this flaw to gain unauthorized read and write access to device control commands via the mobile app service, potentially leading to device malfunction or unintended behavior.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LIVE PRO 2 TWS *

TUNE FLEX *

References

https://harman.csaf-tp.certvde.com/.well-known/csaf/white...

vendor-advisory

https://certvde.com/en/advisories/VDE-2024-076

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Mar 1, 2024

Credit

Mattar Bernhard from Hummus Sec

JSON

Jbl

What is CVE-2024-2104?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.