Vulnerability Details CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.16
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 7.5
References
- https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage
- https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358
- https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage
- https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358
Products affected by CVE-2023-23590
-
cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-
-
cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1