← back
CVE-2023-23305

CVE-2023-23305

CVSS 9.8 CRITICALEPSS 1.3%CWE-120
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
cve_referencegithub.com/anvilsecure/garmin-ciq-app-research/blob/main/poc/GRMN-06.prgunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/anvilsecure/garmin-ciq-app-research/blob/main/advisories/CVE-2023-23305.mdhttps://github.com/anvilsecure/garmin-ciq-app-research/blob/main/poc/GRMN-06.prg