33 matches found
CVE-2021-28155
The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shut down a device by flooding the target device with LMP Feature Response data...
CVE-2024-2105
CVE-2024-2105 concerns JBL Bluetooth audio devices where an unauthorised nearby attacker can trigger a deadlock during BLE connection requests due to improper validation of the ICM field. Related records reference JBL products but do not disclose exact affected versions, exploit details, or remed...
CVE-2024-2104
CVE-2024-2104 describes an improper BLE security configuration on a device GATT server that enables an adjacent, unauthenticated attacker to read and write device control commands via the mobile app service, potentially rendering the device unusable. Multiple connected sources (including JBL/CVE ...
CVE-2024-2104 JBL: Improper BLE security configurations and lack of authentication on the device's GATT server
Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service which could render the device unusable...
JBL LIVE PRO 2 TWS Access Control Error Vulnerability
The JBL LIVE PRO 2 TWS is a wireless noise-canceling headset from JBL USA. An access control error vulnerability exists in the JBL LIVE PRO 2 TWS, which stems from a BLE security misconfiguration that could allow a neighboring unauthenticated attacker to read or write device control commands...
Multiple JBL Products Security Vulnerability
JBL Flip and JBL Pulse are both ranges of Bluetooth audio products from JBL USA. A security vulnerability exists in various JBL products that stems from improper authentication of BLE connection requests, which could result in a deadlock on affected devices. The following products are affected: JBL Flip ...
EUVD-2021-14853
Malware in sbrugna...
EUVD-2021-24996
Malware in sbrugna...
EUVD-2023-41135
Malicious code in bioql PyPI...
CVE-2021-38548
JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line; as a result, the intensity of a...
jblfilms.com Cross Site Scripting vulnerability OBB-3859646
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-37215
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials...
Hardcoded credentials
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials...
CVE-2023-37215 JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials
JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials...
CVE-2023-37215
CVE-2023-37215 affects JBL Soundbar Multibeam 5.1 with CWE-798 (hard-coded credentials). Affected: JBL soundbar multibeam 5.1. Root cause: hard-coded credentials in the device/software. Impact: per NVD metrics, high confidentiality, integrity, and availability risks (CVSSv3.1 base 9.8; attack vec...
PT-2023-25833 · Jbl · Jbl Soundbar Multibeam 5.1
Name of the Vulnerable Software and Affected Versions: JBL soundbar multibeam 5.1 (affected versions not specified). Description: The issue concerns the use of hard-coded credentials, which is a security risk. There is no information provided about the estimated number of potentially affected device...
be.jbl.com Cross Site Scripting vulnerability OBB-2288374
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...