57 matches found
CVE-2023-34397
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed...
CVE-2023-34404
CVE-2023-34404 affects the Mercedes‑Benz head‑unit NTG6. Public analyses describe an attack surface exposed by internal network access (Ethernet test pins on the Base Board) enabling a crafted port call to registered services in the router, which can lead to command injection via the GCF/MoCCA/Ne...
CVE-2023-34398
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference...
CVE-2023-34397
Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed...
PT-2025-6486 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue concerns the Mercedes-Benz head-unit NTG6, which has functions to import or export profile settings over USB. When parsing a file, the service attempts to...
CVE-2023-34400
Summary (CVE-2023-34400): Mercedes-Benz head-unit NTG6 has a vulnerability in its USB-based import/export of profile settings. The parser may attempt to convert a header inside the imported file to a null-terminated string, and if a required character is missing, a null pointer is returned, poten...
PT-2025-1391 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6
Name of the Vulnerable Software and Affected Versions: Mercedes Benz head-unit NTG 6 affected versions not specified Description: The Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing, it is possible to trigger a crash of the service...
Mercedes-Benz Head Unit security research report
Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz's latest Head Unit infotainment system is called Mercedes-Benz User Experience MBUX. We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab...
PT-2025-1228 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to a race condition in the Mercedes-Benz head-unit NTG6, which can be exploited by connecting to the Ethernet pins on the Base Board. This allows a...
PT-2025-1231 · Mercedes Benz · Mercedes-Benz Head-Unit Ntg6
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to the import or export of profile settings over USB in the Mercedes-Benz head-unit NTG6. Some values are serialized using the boost library, which...
PT-2025-1230 · Mercedes Benz · Mbux +1
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 Description: The issue is related to the Mercedes-Benz head-unit NTG6, which has Ethernet pins on the Base Board to connect the module CSB. An attacker can connect to these pins and gain access to the internal...
PT-2025-1229 · Mercedes Benz · Mbux +1
Name of the Vulnerable Software and Affected Versions: Mercedes-Benz head-unit NTG6 affected versions not specified Description: The issue is related to the import or export of profile settings over USB in the Mercedes-Benz head-unit NTG6. A file within the profile folder is encoded with a...
PT-2025-1207 · Mercedes Benz · Mercedes Benz Ntg +1
Name of the Vulnerable Software and Affected Versions: Mercedes Benz NTG New Telematics Generation versions 6 through 2021 Description: The issue is related to a possible stack buffer overflow in the Service Broker service of the Mercedes-Benz User Experience MBUX system, which can allow an...
Denial of Service in Leaf EV (car) version 2018 SV
In Nissan Leaf EV car version 2018 SV a Denial of Service exists in the Head Unit Display that can be attacked via Local Access resulting in Denial of Service HUD being disabled...
GSD-2021-1000008 Denial of Service in Leaf EV (car) version 2018 SV
In Nissan Leaf EV car version 2018 SV a Denial of Service exists in the Head Unit Display that can be attacked via Local Access resulting in Denial of Service HUD being disabled...
CVE-2021-23908
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution...
KOFFEE - Kia OFFensivE Exploit
This module exploits CVE-2020-8539, which is an arbitrary code execution vulnerability that allows an to attacker execute the micomd binary file on the head unit of Kia Motors. This module has been tested on SOP.003.30.18.0703, SOP.005.7.181019 and SOP.007.1.191209 head unit software versions. Th...
CVE-2020-8539
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...
CVE-2020-8539
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...
Input validation
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...