CVE-2021-23906

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.8 LOW
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
mitreCNA
1.8 LOW
PHYSICAL
HIGH
NONE
CVSS:3.1/AC:H/AV:P/A:N/C:N/I:L/PR:N/S:U/UI:R
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
mercedes-benzmercedes-benz_user_experience
𝑥
≤ 2021
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866