CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-34402

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 5.6%

CVSS Severity

CVSS v3 Score 7.7

References

https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Products affected by CVE-2023-34402

Mercedes-Benz » Headunit Ntg6 Mercedes-Benz User Experience » Version: 2021

cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-34402

Products

Pricing

Contact Us