Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable.
https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json
https://certvde.com/en/advisories/VDE-2024-076
Source: Mitre, NVD
Published: 2025-12-10
Updated: 2026-04-15
Base Score: 8.3
Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C
Severity: High
Base Score: 8.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.00022