CVE-2023-23590

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23590
Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage Vendor Advisory
https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage Vendor Advisory
https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358
https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1:*:*:*:*:*:*:*
cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-:*:*:*:*:*:*:*
History

07 Apr 2025, 16:15

Type Values Removed Values Added
References (MISC) https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage - Vendor Advisory () https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage - Vendor Advisory

07 Nov 2023, 04:07

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358', 'name': 'https://medium.com/@windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358 -
Information

Published : 2023-01-15 05:15

Updated : 2025-04-07 16:15

NVD link : CVE-2023-23590

Mitre link : CVE-2023-23590

JSON object : View

Products Affected

mercedes-benz

  • xentry_retail_data_storage_firmware
  • xentry_retail_data_storage
CWE
NVD-CWE-noinfo