Lucene search
+L
TeslaModel 3 Firmware

11 matches found

CVE
CVE
added 2025/04/30 8:0 p.m.115 views

CVE-2025-2082

CVE-2025-2082 overview (Tesla Model 3 VCSEC): A vulnerability in the VCSEC module where an attacker can trigger an integer overflow by manipulating the TPMS certificate response, allowing remote code execution in the VCSEC context with network-adjacent access. Authentication is not required and t...

7.5CVSS8.1AI score0.00331EPSS
CVE
CVE
added 2022/03/27 12:7 p.m.84 views

CVE-2022-27948

The CVE-2022-27948 entry concerns certain Tesla vehicles through 2022-03-26 where a 315 MHz RF signal containing a fixed sequence of about one hundred symbols can be used to open the charging port. The vulnerability is framed around wireless access to the charging port via a specific RF payload; ...

7.2CVSS4.6AI score0.01411EPSS
CVE
CVE
added 2022/09/16 8:43 p.m.73 views

CVE-2022-37709

CVE-2022-37709 affects Tesla Model 3 with firmware v11.0 (2022.4.5.1 6b701552d7a6) and Tesla mobile app v4.23. The issue is an authentication bypass by spoofing in the Phone Key flow, combined with Bluetooth Low Energy (BLE) channel weaknesses that enable a man-in-the-middle attack. Attackers wit...

5.3CVSS5.4AI score0.00563EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.66 views

CVE-2023-32157

CVE-2023-32157 affects Tesla Model 3 with the bsa_server heap-based buffer overflow. Root cause: improper validation of user-supplied data length copied into a fixed-length heap buffer, allowing an attacker to execute code in the context of an unprivileged user in a sandboxed process. Exploitatio...

7.5CVSS5.2AI score0.00344EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.63 views

CVE-2023-32155

CVE-2023-32155 pertains to Tesla Model 3 and the bcmdhd Wi‑Fi driver. The root cause is lack of validation of user-supplied data, enabling an out‑of‑bounds write that can escalate privileges. Attack requires local code execution on the device’s Wi‑Fi subsystem and can lead to arbitrary kernel cod...

7.8CVSS7.9AI score0.00199EPSS
CVE
CVE
added 2024/05/03 1:56 a.m.62 views

CVE-2023-32156

CVE-2023-32156 is a Tesla Model 3 Gateway ECU firmware signature validation bypass vulnerability. The issue stems from improper error handling during firmware updates, allowing network-adjacent attackers to execute arbitrary code with the context of the Gateway ECU after gaining the ability to ru...

9CVSS9.2AI score0.00368EPSS
CVE
CVE
added 2023/03/29 12:0 a.m.54 views

CVE-2022-42431

CVE-2022-42431 affects Tesla vehicles via the bcmdhd driver. The issue arises from insufficient validation of the length of user-supplied data before copying to a buffer, enabling a local attacker to escalate privileges and execute code with root privileges. The connected document set confirms th...

8.8CVSS8AI score0.00312EPSS
CVE
CVE
added 2023/03/29 12:0 a.m.48 views

CVE-2022-42430

CVE-2022-42430 affects Tesla vehicles via a vulnerability in the handling of the wowlan_config data structure. The root cause is described as a lack of validating the existence of an object before performing operations, effectively a use-after-free condition that can be exploited to escalate priv...

8.8CVSS8.1AI score0.00364EPSS
CVE
CVE
added 2023/03/29 12:0 a.m.46 views

CVE-2022-3093

The CVE-2022-3093 issue is a Tesla ice_updater firmware-update vulnerability where improper validation of user-supplied firmware allows a physical attacker to execute arbitrary code with root privileges. Multiple sources (ZDI advisory ZDI-22-1188 and Red Hat/CVEs) describe a TOCTOU‑style control ...

7.6CVSS6.8AI score0.00439EPSS
CVE
CVE
added 2020/07/23 2:40 p.m.43 views

CVE-2020-15912

CVE-2020-15912 affects Tesla Model 3 vehicles. The available documents describe a door-opening vulnerability where an attacker with access to a legitimate key card can relay NFC to unlock/open the door. The root cause is a vulnerability in NFC relay/authentication handling (as described across th...

6.5CVSS6.4AI score0.0119EPSS
CVE
CVE
added 2019/03/24 1:39 p.m.41 views

CVE-2019-9977

CVE-2019-9977 affects the Tesla Model 3 entertainment system: the renderer process mishandles JIT compilation, enabling an attacker to trigger firmware code execution and display a crafted message to occupants. Documents across NVD, Red Hat, and CVE listings confirm this issue; CVSS3 base score i...

8.8CVSS8.4AI score0.03005EPSS