CVE-2023-34404

Severity CVSS v4.0:
Pending analysis
Type:
CWE-284 Improper Access Control
Publication date:
13/02/2025
Last modified:
27/06/2025

Description

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mercedes-benz:headunit_ntg6_mercedes-benz_user_experience:2021:*:*:*:*:*:*:*