Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System

Remote Code Execution Vulnerability in Mercedes-Benz MBUX Infotainment System

CVE-2021-23907 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The count in MultiSvGet, GetAttributes, and MultiSvSet is not checked in the HiQnet Protocol, leading to remote code execution.

Learn more about our Web Application Penetration Testing UK.