CVE-2024-2104 | THREATINT

Description

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.

PUBLISHED Reserved 2024-03-01 | Published 2025-12-10 | Updated 2025-12-10 | Assigner CERTVDE

HIGH: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

affected

Default status

unaffected

affected

Credits

Mattar Bernhard from Hummus Sec reporter

References

harman.csaf-tp.certvde.com/...white/2025/hbsa-2025-0001.json vendor-advisory

certvde.com/en/advisories/VDE-2024-076 vendor-advisory

cve.org (CVE-2024-2104)

nvd.nist.gov (CVE-2024-2104)

Download JSON