汇总 jbl 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 拒绝服务,在 生产负载与软件部署 使用场景中可能带来 应用崩溃 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2023-37215 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | [email protected] | 6.2 | 0.35% | 2023-07-30 | 2026-06-17 |
| CVE-2021-28155 | The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. | [email protected] | 6.5 | 0.45% | 2021-09-07 | 2026-06-16 |
| CVE-2021-38548 | JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LE | [email protected] | 5.9 | 1.29% | 2021-08-11 | 2026-06-17 |