CVE-2024-37602

Medium CVSS: 4.6

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail.

Vendor

Mercedes-benz

Product

Headunit Ntg6 Mercedes-benz User Experience

CWE

CWE-476

Yayın Tarihi

2025-02-13 23:15:10

Güncelleme

2025-06-27 16:12:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-476 Headunit Ntg6 Mercedes-benz User Experience MEDIUM Mercedes-benz 2025

Referanslar

https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Benzer Kayıtlar

Medium

CVE-2024-37600

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflo…

Medium

CVE-2024-37601

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in th…

Medium

CVE-2024-37603

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user…

High

CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulat…

Medium

CVE-2023-34403

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins an…

Medium

CVE-2023-34404

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins a…