CVE-2023-34402

Published: Feb 13, 2025Modified: Jun 27, 2025

7.7

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 2.5 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.

Affected (1)

Products: Mercedes Benz: Headunit Ntg6 Mercedes Benz User Experience

1 product

Headunit Ntg6 Mercedes Benz User Experience

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mercedes Benz Headunit Ntg6 Mercedes Benz User Experience	Up to 2021

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.