An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.
References
Link | Resource |
---|---|
https://vuldb.com/?id.125081 | Exploit Third Party Advisory VDB Entry |
https://www.scip.ch/en/?labs.20180405 | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:02
Updated: 2022-10-03T16:22:02
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-18071
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-09T09:29:00.400
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-18071
JSON object: View
Redhat Information
No data.
CWE