An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
References
Link | Resource |
---|---|
https://keenlab.tencent.com/en/2021/05/12/Tencent-Security-Keen-Lab-Experimental-Security-Assessment-on-Mercedes-Benz-Cars/ | Third Party Advisory |
https://keenlab.tencent.com/en/whitepapers/Mercedes_Benz_Security_Research_Report_Final.pdf | Exploit Third Party Advisory |
https://media.daimler.com/marsMediaSite/en/instance/ko.xhtml?oid=49946866 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-13T18:56:32
Updated: 2021-05-13T18:56:32
Reserved: 2021-01-12T00:00:00
Link: CVE-2021-23906
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-13T19:15:07.753
Modified: 2021-05-25T13:49:33.297
Link: CVE-2021-23906
JSON object: View
Redhat Information
No data.
CWE