Описание
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.25.1 (исключая)
cpe:2.3:a:teslamate:teslamate:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.01027
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
около 4 лет назад
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.
EPSS
Процентиль: 77%
0.01027
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287