CVE-2023-34402

High CVSS: 7.7

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.

Vendor

Mercedes-benz

Product

Headunit Ntg6 Mercedes-benz User Experience

CWE

CWE-787

Yayın Tarihi

2025-02-13 23:15:09

Güncelleme

2025-06-27 16:12:42

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-787 Headunit Ntg6 Mercedes-benz User Experience HIGH Mercedes-benz 2025

Referanslar

https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Benzer Kayıtlar

Medium

CVE-2024-37600

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflo…

Medium

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in th…

Medium

CVE-2024-37602

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer derefer…

Medium

CVE-2024-37603

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user…

Medium

CVE-2023-34403

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins an…

Medium

CVE-2023-34404

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins a…