An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, whi...
5.9CVSS
5.7AI Score
0.001EPSS
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as l...
7.5CVSS
7.4AI Score
0.011EPSS
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
3.5CVSS
4.2AI Score
0.001EPSS
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
6.8CVSS
7AI Score
0.042EPSS
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.
9.8CVSS
9.6AI Score
0.058EPSS
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.
9.8CVSS
9.7AI Score
0.049EPSS
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
9.8CVSS
9.7AI Score
0.058EPSS
An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.
9.8CVSS
9.3AI Score
0.007EPSS
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
7.5CVSS
7.4AI Score
0.002EPSS
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.
5.3CVSS
5.2AI Score
0.0005EPSS
An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
5.3CVSS
5AI Score
0.0005EPSS