CVE-2023-39075

Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
renaultzoe_ev_2021_firmware
11.10.2021 ≤
𝑥
≤ 16.01.2023
𝑥
= Vulnerable software versions
References
https://blog.dhjeong.kr/posts/automotive/2023/12/how-to-fuzzing-realcars/
https://blog.dhjeong.kr/posts/vuln/202307/renault-zoe/
https://blog.jhyeon.dev/posts/vuln/202307/renault-zoe/
https://nvd.nist.gov/vuln/detail/CVE-2023-39075
https://blog.dhjeong.kr/posts/automotive/2023/12/how-to-fuzzing-realcars/
https://blog.dhjeong.kr/posts/vuln/202307/renault-zoe/
https://blog.jhyeon.dev/posts/vuln/202307/renault-zoe/
https://nvd.nist.gov/vuln/detail/CVE-2023-39075