5 matches found
R7-2017-02: Hyundai Blue Link Potential Info Disclosure (FIXED)
Summary Due to a reliance on cleartext communications and the use of a hard-coded decryption password, two outdated versions of Hyundai Blue Link application software, 3.9.4 and 3.9.5 potentially expose sensitive information about registered users and their vehicles, including application...
Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability
Hyundai Motor America Blue Link is a remote wireless remote control device for use in automobiles. A sensitive information disclosure vulnerability exists in Hyundai Motor America Blue Link versions 3.9.5 and 3.9.4, which stems from the program's use of hard-coded passwords. An attacker could...
Code injection
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...
CVE-2017-6054
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information...
CVE-2017-6052
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints...