Exploit for CVE-2022-42005

Tesla Security Research Vulnerability research on the Tesla M...

CVE-2026-49318

This CVE affects the Infotainment / Digital Round display in the Indian Motorcycle Scout Bobber + Tech 2025 model year. The root cause is an incorrect behavior order during boot: the system uses the presence of Wireless Control Module (WCM) traffic as a proxy for whether an immobilizer is fitted....

CVE-2026-49317

The CVE CVE-2026-49317 affects the Infotainment Digital Round on the Indian Scout Bobber + Tech 2025 model year. The vulnerability arises when the boot window relies on Wireless Control Module (WCM) traffic as a proxy for immobilizer presence. If no WCM messages are observed (e.g., by silencing W...

CVE-2026-49317

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

PT-2026-44851

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese Indian Motorcycle company. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities stem from an error in the behavior sequence of the...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

JXL 9 Inch Car Android Double Din Player 安全漏洞

JXL 9 Inch Car Android Double Din Player is a vehicle infotainment system developed by JXL Corporation. Version 12.0 of the JXL 9 Inch Car Android Double Din Player contains a security vulnerability. This vulnerability arises from the ability for attackers to force the infotainment system to acce...

CVE-2025-69515

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

PT-2026-30982

An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location...

GHSA-PRXJ-3GCV-CQRH Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials

Summary A vulnerability in vehicle authentication allows threat actor with valid client credentials i.e., a private key and certificate from a rooted infotainment system to impersonate arbitrary VINs when authenticating to the telemetry server. Impact The attacker would be able to submit falsifie...

CVE-2025-32058

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code...

CVE-2025-32061

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on th...

EUVD-2025-206907

The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an attacker with code...

Bosch Infotainment ECU 安全漏洞

The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability stems from the lack of proper boundary validation for the data provided to users. It may lead to a stack-based...

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

CVE-2025-32056 Anti-Theft Bypass for Infotainment ECU

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

God Mode On: how we attacked a vehicle’s head unit modem

Introduction Imagine you're cruising down the highway in your brand-new electric car. All of a sudden, the massive multimedia display fills with Doom, the iconic 3D shooter game. It completely replaces the navigation map or the controls menu, and you realize someone is playing it remotely right...

Exploit for CVE-2025-63895

JXLInfotainment-CVE-2025-63895 CVE-2025-63896 Attack...