Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
Mercedes-benzHeadunit Ntg6 Mercedes-benz User Experience

15 matches found

CVE
CVEadded 2025/02/13 10:15 p.m.577 views

CVE-2023-34399

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.

9.8CVSS6.9AI score0.00088EPSS
CVE
CVEadded 2025/02/13 10:15 p.m.486 views

CVE-2023-34398

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.

7.5CVSS6.9AI score0.00079EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.340 views

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.

7.7CVSS6.9AI score0.00027EPSS
CVE
CVEadded 2021/05/13 7:15 p.m.179 views

CVE-2021-23908

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.

9.8CVSS9.7AI score0.01496EPSS
CVE
CVEadded 2021/05/13 7:15 p.m.79 views

CVE-2021-23907

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.

9.8CVSS9.6AI score0.01496EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.70 views

CVE-2023-34406

An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-...

3.3CVSS6.8AI score0.00019EPSS
CVE
CVEadded 2025/02/13 10:15 p.m.66 views

CVE-2023-34397

Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.

7.5CVSS6.9AI score0.00101EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.63 views

CVE-2023-34404

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection v...

4.9CVSS7.4AI score0.00236EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.62 views

CVE-2023-34401

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory.

3.7CVSS6.9AI score0.00039EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.62 views

CVE-2023-34403

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and access it though backup on USB.

4.9CVSS6.8AI score0.00021EPSS
CVE
CVEadded 2025/02/13 10:15 p.m.61 views

CVE-2023-34400

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.

7.5CVSS7AI score0.00118EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.42 views

CVE-2024-37603

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the Use...

4.6CVSS6.6AI score0.00044EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.40 views

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause t...

4.6CVSS7.1AI score0.00044EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.40 views

CVE-2024-37602

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP addr...

4.6CVSS6.2AI score0.00044EPSS
CVE
CVEadded 2025/02/13 11:15 p.m.37 views

CVE-2024-37600

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address,...

6.8CVSS7.1AI score0.0005EPSS