11 matches found
CVE-2025-2082
CVE-2025-2082 overview (Tesla Model 3 VCSEC): A vulnerability in the VCSEC module where an attacker can trigger an integer overflow by manipulating the TPMS certificate response, allowing remote code execution in the VCSEC context with network-adjacent access. Authentication is not required and t...
CVE-2022-27948
The CVE-2022-27948 entry concerns certain Tesla vehicles through 2022-03-26 where a 315 MHz RF signal containing a fixed sequence of about one hundred symbols can be used to open the charging port. The vulnerability is framed around wireless access to the charging port via a specific RF payload; ...
CVE-2022-37709
CVE-2022-37709 affects Tesla Model 3 with firmware v11.0 (2022.4.5.1 6b701552d7a6) and Tesla mobile app v4.23. The issue is an authentication bypass by spoofing in the Phone Key flow, combined with Bluetooth Low Energy (BLE) channel weaknesses that enable a man-in-the-middle attack. Attackers wit...
CVE-2023-32157
CVE-2023-32157 affects Tesla Model 3 with the bsa_server heap-based buffer overflow. Root cause: improper validation of user-supplied data length copied into a fixed-length heap buffer, allowing an attacker to execute code in the context of an unprivileged user in a sandboxed process. Exploitatio...
CVE-2023-32155
CVE-2023-32155 pertains to Tesla Model 3 and the bcmdhd Wi‑Fi driver. The root cause is lack of validation of user-supplied data, enabling an out‑of‑bounds write that can escalate privileges. Attack requires local code execution on the device’s Wi‑Fi subsystem and can lead to arbitrary kernel cod...
CVE-2023-32156
CVE-2023-32156 is a Tesla Model 3 Gateway ECU firmware signature validation bypass vulnerability. The issue stems from improper error handling during firmware updates, allowing network-adjacent attackers to execute arbitrary code with the context of the Gateway ECU after gaining the ability to ru...
CVE-2022-42431
CVE-2022-42431 affects Tesla vehicles via the bcmdhd driver. The issue arises from insufficient validation of the length of user-supplied data before copying to a buffer, enabling a local attacker to escalate privileges and execute code with root privileges. The connected document set confirms th...
CVE-2022-42430
CVE-2022-42430 affects Tesla vehicles via a vulnerability in the handling of the wowlan_config data structure. The root cause is described as a lack of validating the existence of an object before performing operations, effectively a use-after-free condition that can be exploited to escalate priv...
CVE-2022-3093
The CVE-2022-3093 issue is a Tesla ice_updater firmware-update vulnerability where improper validation of user-supplied firmware allows a physical attacker to execute arbitrary code with root privileges. Multiple sources (ZDI advisory ZDI-22-1188 and Red Hat/CVEs) describe a TOCTOU‑style control ...
CVE-2020-15912
CVE-2020-15912 affects Tesla Model 3 vehicles. The available documents describe a door-opening vulnerability where an attacker with access to a legitimate key card can relay NFC to unlock/open the door. The root cause is a vulnerability in NFC relay/authentication handling (as described across th...
CVE-2019-9977
CVE-2019-9977 affects the Tesla Model 3 entertainment system: the renderer process mishandles JIT compilation, enabling an attacker to trigger firmware code execution and display a crafted message to occupants. Documents across NVD, Red Hat, and CVE listings confirm this issue; CVSS3 base score i...