JBL Bluetooth Devices Denial-of-Service Vulnerability via Improper Connection Request Validation
Vulnerability
A denial-of-service vulnerability has been identified in certain JBL Bluetooth speakers due to improper validation of the channel map field in Bluetooth Low Energy (BLE) connection requests. This flaw allows an unauthorized attacker within Bluetooth range to send a specially crafted packet that causes the device to crash or enter a deadlock state, disrupting music playback and disconnecting active connections. Recovery from this state requires a manual reboot of the device, as automatic reconnection is not possible.
Impact
Exploitation of this vulnerability causes the affected device to crash or become unresponsive, interrupting music playback and disconnecting all Bluetooth connections. Users must manually reboot the device to restore functionality.
Remediation
As of now, no fix is available for this vulnerability. Users must manually reboot their devices to restore normal operation.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.