彙總 jbl 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 拒絕服務,在 生產負載與軟體部署 使用場景中可能帶來 應用程式崩潰 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-37215 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | [email protected] | 6.2 | 0.35% | 2023-07-30 | 2026-06-17 |
| CVE-2021-28155 | The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data. | [email protected] | 6.5 | 0.44% | 2021-09-07 | 2026-06-16 |
| CVE-2021-38548 | JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LE | [email protected] | 5.9 | 1.29% | 2021-08-11 | 2026-06-17 |