Vulnerability Details CVE-2023-34401
The Mercedes-Benz NTG6 head unit contains functions to import or export profile settings over USB. Inside the profile folder there is a file that is encoded with the proprietary UD2 codec. Due to missing size checks in the encapsulated file, an attacker can achieve an out-of-bounds read in heap memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2023-34401
- cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021