← back
CVE-2021-23907

CVE-2021-23907

CVSS 2.9 LOWEPSS 2.4%
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.
CVSS:3.1/AC:H/AV:P/A:N/C:L/I:L/PR:N/S:U/UI:R
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdfhttps://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866