Kia Motors Head Unit Software Vulnerability: Unauthorized Command Injection and CAN Bus Manipulation

Kia Motors Head Unit Software Vulnerability: Unauthorized Command Injection and CAN Bus Manipulation

CVE-2020-8539 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.

Learn more about our Web Application Penetration Testing UK.