CVE-2023-28895
01.12.2023, 14:15
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found onkoda Superb III (3V3) - 2.0 TDI manufactured in 2022.Enginsight
| Vendor | Product | Version |
|---|---|---|
| preh | mib3_firmware | 𝑥 < 0304 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-259 - Use of Hard-coded PasswordThe software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.