CVE-2023-34403

Published: Feb 13, 2025Modified: Jun 27, 2025

4.9

Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploitability: 1.5 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and access it though backup on USB.

Affected (1)

Products: Mercedes Benz: Headunit Ntg6 Mercedes Benz User Experience

1 product

Headunit Ntg6 Mercedes Benz User Experience

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mercedes Benz Headunit Ntg6 Mercedes Benz User Experience	Up to 2021

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://securelist.com/mercedes-benz-head-unit-security-research/115218/

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.