← Back

Volkswagen

volkswagen

2 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Customer Link
customer-link
1 CVE
Id.3 Firmware
id.3_firmware
1 CVE
Id.3
id.3
0 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-6073
1Volkswagen
1Id.3 Firmware
Nov 21, 2024
Nov 10, 2023
N/A· v4
6.3 MEDIUM· v3
N/A· v2
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio...Show more
Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. Show less
CVE-2018-1170
2Htc
Volkswagen
2Customer Link
Customer Link Bridge
Nov 21, 2024
Mar 2, 2018
N/A· v4
8.8 HIGH· v3
8.3 HIGH· v2
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not requi...Show more
This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.Show less