Vulnerability Details CVE-2021-23908
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.3%
CVSS Severity
CVSS v3 Score 2.9
CVSS v2 Score 7.5
References
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
- https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
- https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
- https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
Products affected by CVE-2021-23908
-
cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021
-
cpe:2.3:h:mercedes-benz:a_220:-
-
cpe:2.3:h:mercedes-benz:a_220_4matic:-
-
cpe:2.3:h:mercedes-benz:e_350:-
-
cpe:2.3:h:mercedes-benz:e_350_4matic:-
-
cpe:2.3:h:mercedes-benz:eqc:-
-
cpe:2.3:h:mercedes-benz:gle_350:-
-
cpe:2.3:h:mercedes-benz:gle_350_4matic:-