Описание
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.
Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:skoda-auto:superb_3_firmware:2022:*:*:*:*:*:*:*
cpe:2.3:h:skoda-auto:superb_3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-798
Связанные уязвимости
CVSS3: 4
github
около 2 лет назад
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
EPSS
Процентиль: 17%
0.00054
Низкий
4 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-798
CWE-798