Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Headunit_ntg6_mercedes\-Benz_user_experience
(Mercedes\-Benz)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-02-13 | CVE-2024-37601 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | Headunit_ntg6_mercedes\-Benz_user_experience | N/A | ||
| 2025-02-13 | CVE-2024-37602 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail. | Headunit_ntg6_mercedes\-Benz_user_experience | N/A | ||
| 2025-02-13 | CVE-2024-37603 | An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | Headunit_ntg6_mercedes\-Benz_user_experience | N/A | ||
| 2021-05-13 | CVE-2021-23907 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution. | Headunit_ntg6_mercedes\-Benz_user_experience | 9.8 | ||
| 2021-05-13 | CVE-2021-23908 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A type confusion issue affects MultiSvSetAttributes in the HiQnet Protocol, leading to remote code execution. | Headunit_ntg6_mercedes\-Benz_user_experience | 9.8 |