Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://securelist.com/mercedes-benz-head-unit-security-research/115218/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Jun 2025, 16:12
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Mercedes-benz
Mercedes-benz headunit Ntg6 Mercedes-benz User Experience |
|
| CPE | cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:*:*:*:*:*:*:*:* | |
| References | () https://securelist.com/mercedes-benz-head-unit-security-research/115218/ - Third Party Advisory |
13 Feb 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-13 23:15
Updated : 2025-06-27 16:12
NVD link : CVE-2023-34402
Mitre link : CVE-2023-34402
JSON object : View
Products Affected
mercedes-benz
- headunit_ntg6_mercedes-benz_user_experience
CWE
No CWE.