CVE-2023-34402
CVE-2023-34402
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected products
n/a · n/a