Mercedes Benz

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-37603 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB in...Show more An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.Show less
CVE-2024-37602 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical acces...Show more An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail.Show less
CVE-2024-37601 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the...Show more An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.Show less
CVE-2024-37600 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to...Show more An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the Service Broker service. With prepared HTTP requests, an attacker can cause the Service-Broker service to fail.Show less
CVE-2023-34406 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 3.3 LOW· v3 N/A· v2 An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB inte...Show more An issue was discovered on Mercedes Benz NTG 6. A possible integer overflow exists in the user data import/export function of NTG (New Telematics Generation) 6 head units. To perform this attack, local access to USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.Show less
CVE-2023-34404 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send ca...Show more Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability.Show less
CVE-2023-34403 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData”...Show more Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and access it though backup on USB.Show less
CVE-2023-34402 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achiev...Show more Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.Show less
CVE-2023-34401 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 3.7 LOW· v3 N/A· v2 Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsula...Show more Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside profile folder there is a file, which is encoded with proprietary UD2 codec. Due to missed size checks in the enapsulate file, attacker can achieve Out-of-Bound Read in heap memory.Show less
CVE-2023-34400 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character...Show more Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.Show less
CVE-2023-34399 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability...Show more Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.Show less
CVE-2023-34398 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null poi...Show more Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.Show less
CVE-2023-34397 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.
CVE-2023-47393 1Mercedes Benz 1Mercedes Me Nov 21, 2024 Nov 22, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
CVE-2023-47392 1Mercedes Benz 1Mercedes Me Nov 21, 2024 Nov 22, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.
CVE-2023-23590 1Mercedes Benz 1Xentry Retail Data Storage Firmware Apr 7, 2025 Jan 15, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
CVE-2021-23910 1Mercedes Benz 1Hermes Nov 21, 2024 May 13, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.
CVE-2021-23909 1Mercedes Benz 1Hermes Nov 21, 2024 May 13, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.
CVE-2021-23908 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Nov 21, 2024 May 13, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code exec...Show more An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution.Show less
CVE-2021-23907 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Nov 21, 2024 May 13, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading t...Show more An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.Show less

12 Next