CVE-2023-26243 in Gen5W_Lthông tin

Tóm tắt

Bởi MITRE • 27/04/2023

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Đặt trước

21/02/2023

Tiết lộ

27/04/2023

Kiểm duyệt

được chấp nhận

mục

VDB-227552

CPE

sẵn sàng

CWE

CWE-200 (Đã xác nhận)

CVSS

7.8 (NVD)

EPSS

0.00180

KEV

không

Các hoạt động

rất thấp

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-26243
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-26243
CVE Details	https://www.cvedetails.com/cve/CVE-2023-26243/

◂ Trước Tổng Quan Tiếp theo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!