CVE-2024-2104

Sažetak

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.

Reference

https://certvde.com/en/advisories/VDE-2024-076
https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

12-12-2025 - 15:18

Objavljeno

10-12-2025 - 13:16