EUVD-2018-20912

Malware in sbrugna...

EUVD-2018-20905

Malware in sbrugna...

CVE-2025-34251

CVE-2025-34251 : Affected product is Tesla Telematics Control Unit (TCU) firmware prior to 2025.14. The root cause is an authentication bypass allowing the Android Debug Bridge (adbd) to run as root despite a lockdown check; adb push/pull and adb forward remain usable, and the USB port is exposed...

CVE-2025-34251 Tesla Telematics Control Unit (TCU) < v2025.14 Authentication Bypass

Tesla Telematics Control Unit TCU firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge adbd as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the...

Mercedes-Benz HERMES Certification Bypass Vulnerability (CNVD-2021-17723)

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. An authentication bypass vulnerability exists in the debug interface in Mercedes-Benz HERMES 1.5. An attacker with physical access to the device hardware could exploit this vulnerability to obtain syst...

Mercedes-Benz HERMES misconfiguration vulnerability (CNVD-2021-17721)

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. A misconfiguration vulnerability exists in the debug interface in Mercedes-Benz HERMES 1. An attacker with direct physical access to the device hardware could exploit the vulnerability to obtain cellul...

Mercedes-Benz HERMES Certification Bypass Vulnerability (CNVD-2021-17722)

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. An authentication bypass vulnerability exists in the debug interface in Mercedes-Benz HERMES 1. An attacker with physical access to the device hardware could exploit this vulnerability to obtain system...

Mercedes-Benz HERMES misconfiguration vulnerability (CNVD-2021-17724)

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. A misconfiguration vulnerability exists in the debug interface in Mercedes-Benz HERMES 1.5. An attacker with direct physical access to the device hardware could exploit the vulnerability to obtain...

Mercedes-Benz HERMES Certification Bypass Vulnerability

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. An authentication bypass vulnerability exists in the debug interface in Mercedes-Benz HERMES 2.1. An attacker with physical access to the device hardware could exploit this vulnerability to obtain syst...

Mercedes-Benz HERMES Misconfiguration Vulnerability

Mercedes-Benz HERMES is a telematics control unit equipped in Mercedes-Benz connected vehicles. A misconfiguration vulnerability exists in the debug interface in Mercedes-Benz HERMES 2.1. An attacker with direct physical access to the device hardware could exploit the vulnerability to obtain...

Reverse Engineering Tesla Hardware

TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14...

Automotive theft affects shipping security

Cars and ships – there’s not that much in common with two areas that we carry out a lot of research in to. One uses CAN for safety critical controls, the other uses serial and +/- 10V. Yet, security of the two sectors is linked through vehicle theft and fraud: Most modern vehicles have telematic...

BMW Automotive Telematics Control Unit Design Vulnerability

BMW vehicles etc. are automotive products of the German company BMW Bayerische Motoren Werke AG.Telematics Control Unit Telematic Communication Box or TCB is one of the automatic transmission control units used. A security vulnerability exists in the Telematics Control Unit on BMW vehicles models...

BMW Automotive Telematics Control Unit Design Vulnerability (CNVD-2018-11274)

BMW vehicles etc. are automotive products of the German company BMW Bayerische Motoren Werke AG.Telematics Control Unit Telematic Communication Box or TCB is one of the automatic transmission control units used. A security vulnerability exists in the Telematics Control Unit in BMW vehicles vehicl...

CVE-2018-9318

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9311

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

Design/Logic Flaw

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9318

CVE-2018-9318 concerns BMW vehicles (2012–2018) with the Telematics Control Unit (TCB). The issue allows a remote attack over a cellular network by exploiting the TCB, with NVD indicating a critical impact (CVSSv3: 9.8, network, no user interaction, high confidentiality/integrity/availability). T...

CVE-2018-9318

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...

CVE-2018-9311

The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...