PT-2026-25390

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted CAN frames are processed. In deployments where tattu can is enabled and running, a CAN-injection-capabl...

Cybercriminals Exploit CAN Injection Hack to Steal Cars

By Waqas If it is connected, it is vulnerable; in this case, a Toyota RAV4 model was stolen within two minutes. This is a post from HackRead.com Read the original post: Cybercriminals Exploit CAN Injection Hack to Steal Cars...

CVE-2023-29389

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...

CVE-2018-1170

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...