{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63049?format=json","vulnerability_id":"VCID-abuh-hq52-7ydx","summary":"Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.","aliases":[{"alias":"CVE-2024-2104"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json","reference_id":"hbsa-2025-0001.json","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T16:37:02Z/"}],"url":"https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json"},{"reference_url":"https://certvde.com/en/advisories/VDE-2024-076","reference_id":"VDE-2024-076","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-10T16:37:02Z/"}],"url":"https://certvde.com/en/advisories/VDE-2024-076"}],"weaknesses":[{"cwe_id":306,"name":"Missing Authentication for Critical Function","description":"The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources."}],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abuh-hq52-7ydx"}