CVE-2024-6029 Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

CVE-2024-6029

CVE-2024-6029 concerns the Tesla Model S Iris Modem firewall, where a race-condition flaw in the firewall service arises from a failure to obtain the xtables lock. This vulnerability allows network-adjacent attackers to bypass firewall rules without authentication. The issue is documented across ...

CVE-2024-6029 Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

PT-2025-18323 · Tesla · Tesla Model S

Name of the Vulnerable Software and Affected Versions: Tesla Model S affected versions not specified Description: This issue allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. The flaw exists within the firewall service due to a failure ...

PT-2025-18326 · Tesla · Tesla Model S Iris Modem

Name of the Vulnerable Software and Affected Versions: Tesla Model S Iris Modem affected versions not specified Description: This issue allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. The flaw exists within the ql atfwd process due to the lack of proper...

(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the...

CVE-2024-6199

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem...

CVE-2024-6199 Unauthenticated Remote Code Execution

An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include code that forces a buffer overflow on the modem. Customers that have not enabled Dynamic DNS on their modem...

CVE-2024-6199

CVE-2024-6199 describes an unauthenticated remote code execution vector on the WAN interface via interception of Dynamic DNS (DDNS) traffic, enabling an attacker to inject responses that trigger a buffer overflow in the modem. Reported impact includes ability to execute code on affected devices, ...

PT-2025-17903 · Viasat · Eg1000 +4

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker on the WAN interface, with the ability to intercept Dynamic DNS DDNS traffic between DDNS services and the modem, could manipulate specific responses to include...

System V Derived /bin/login Extraneous Arguments Buffer Overflow

This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in it's System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments. Module Options msf use exploit/solaris/dialup/manyargs msf exploitmanyargs show targets...

PT-2025-15614 · Samsung · Exynos 1080 Firmware +17

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400 Description: A Heap-based Out-of-Bounds Write...

CVE-2025-20659

The CVE-2025-20659 entry concerns a vulnerability in Modem where improper input validation can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and has an adjacent attack vector with no privileges require...

CVE-2025-20659

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

PT-2025-15199 · Qualcomm · Snapdragon +57

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Memory corruption can occur when the software processes addresses from TZ and MPSS requests without proper validation. Recommendations: At the moment, there is no information about a newer...

CVE-2024-56188

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56188

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56188

CVE-2024-56188 affects Google Pixel devices with a modem component vulnerability caused by a missing null check, enabling Denial of Service. Reports consistently describe DoS without user interaction and without extra privileges. Pixel Update Bulletin (March 2025) lists CVE-2024-56188 under the M...

CVE-2024-56188

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56188

there is a possible way to crash the modem due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...