Vulnerability Details CVE-2021-23907
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v3 Score 2.9
CVSS v2 Score 7.5
References
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Products affected by CVE-2021-23907
-
cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021
-
cpe:2.3:h:mercedes-benz:a_220:-
-
cpe:2.3:h:mercedes-benz:a_220_4matic:-
-
cpe:2.3:h:mercedes-benz:e_350:-
-
cpe:2.3:h:mercedes-benz:e_350_4matic:-
-
cpe:2.3:h:mercedes-benz:eqc:-
-
cpe:2.3:h:mercedes-benz:gle_350:-
-
cpe:2.3:h:mercedes-benz:gle_350_4matic:-