Lucene search
K

57 matches found

Vulnrichment
Vulnrichment
added 2025/02/13 12:0 a.m.5 views

CVE-2023-34397

Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed...

6.9AI score0.00587EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 12:0 a.m.79 views

CVE-2023-34404

CVE-2023-34404 affects the Mercedes‑Benz head‑unit NTG6. Public analyses describe an attack surface exposed by internal network access (Ethernet test pins on the Base Board) enabling a crafted port call to registered services in the router, which can lead to command injection via the GCF/MoCCA/Ne...

4.9CVSS7.4AI score0.00463EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/02/13 12:0 a.m.12 views

CVE-2023-34398

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference...

0.00624EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/13 12:0 a.m.13 views

CVE-2023-34397

Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed...

0.00587EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/13 12:0 a.m.8 views

PT-2025-6486 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue concerns the Mercedes-Benz head-unit NTG6, which has functions to import or export profile settings over USB. When parsing a file, the service attempts to...

7.5CVSS7.7AI score0.00624EPSS
Exploits0References5
CVE
CVE
added 2025/02/13 12:0 a.m.75 views

CVE-2023-34400

Summary (CVE-2023-34400): Mercedes-Benz head-unit NTG6 has a vulnerability in its USB-based import/export of profile settings. The parser may attempt to convert a header inside the imported file to a null-terminated string, and if a required character is missing, a null pointer is returned, poten...

7.5CVSS7AI score0.00624EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/20 12:0 a.m.6 views

PT-2025-1391 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6

Name of the Vulnerable Software and Affected Versions: Mercedes Benz head-unit NTG 6 affected versions not specified Description: The Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing, it is possible to trigger a crash of the service...

7.5CVSS7.4AI score0.00587EPSS
Exploits0References7
Securelist
Securelist
added 2025/01/17 10:0 a.m.64 views

Mercedes-Benz Head Unit security research report

Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz's latest Head Unit infotainment system is called Mercedes-Benz User Experience MBUX. We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab...

7.8CVSS8.4AI score0.94921EPSS
Exploits152
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.5 views

PT-2025-1228 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to a race condition in the Mercedes-Benz head-unit NTG6, which can be exploited by connecting to the Ethernet pins on the Base Board. This allows a...

4.9CVSS7.5AI score0.00218EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.3 views

PT-2025-1231 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to the import or export of profile settings over USB in the Mercedes-Benz head-unit NTG6. Some values are serialized using the boost library, which...

9.8CVSS7.6AI score0.00688EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.11 views

PT-2025-1230 · Mercedes Benz · Mbux +1

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 Description: The issue is related to the Mercedes-Benz head-unit NTG6, which has Ethernet pins on the Base Board to connect the module CSB. An attacker can connect to these pins and gain access to the internal...

4.9CVSS8.4AI score0.00463EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.5 views

PT-2025-1229 · Mercedes Benz · Mbux +1

Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to the import or export of profile settings over USB in the Mercedes-Benz head-unit NTG6. A file within the profile folder is encoded with a...

4.9CVSS7.9AI score0.00264EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.5 views

PT-2025-1207 · Mercedes Benz · Mercedes Benz Ntg +1

Name of the Vulnerable Software and Affected Versions: Mercedes Benz NTG New Telematics Generation versions 6 through 2021 Description: The issue is related to a possible stack buffer overflow in the Service Broker service of the Mercedes-Benz User Experience MBUX system, which can allow an...

7.2CVSS8.1AI score0.0033EPSS
Exploits0References10
OSV
OSV
added 2021/05/31 3:39 p.m.17 views

Denial of Service in Leaf EV (car) version 2018 SV

In Nissan Leaf EV car version 2018 SV a Denial of Service exists in the Head Unit Display that can be attacked via Local Access resulting in Denial of Service HUD being disabled...

3.6AI score
Exploits0References1
OSV
OSV
added 2021/05/31 3:39 p.m.18 views

GSD-2021-1000008 Denial of Service in Leaf EV (car) version 2018 SV

In Nissan Leaf EV car version 2018 SV a Denial of Service exists in the Head Unit Display that can be attacked via Local Access resulting in Denial of Service HUD being disabled...

7.1AI score
Exploits0References1
OSV
OSV
added 2021/05/13 7:15 p.m.2 views

CVE-2021-23908

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution...

9.8CVSS7.6AI score0.02362EPSS
Exploits1References3
Metasploit
Metasploit
added 2021/04/23 5:42 p.m.197 views

KOFFEE - Kia OFFensivE Exploit

This module exploits CVE-2020-8539, which is an arbitrary code execution vulnerability that allows an to attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. Th...

7.8CVSS8.2AI score0.02257EPSS
Exploits2
OSV
OSV
added 2020/12/01 6:15 p.m.5 views

CVE-2020-8539

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...

7.8CVSS7.1AI score0.02257EPSS
Exploits2References2
NVD
NVD
added 2020/12/01 6:15 p.m.29 views

CVE-2020-8539

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...

7.8CVSS7.7AI score0.02257EPSS
Exploits2References2
Prion
Prion
added 2020/12/01 6:15 p.m.25 views

Input validation

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...

4.6CVSS7.6AI score0.02257EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder