VYPR

MIB3

by Volkswagen

CVEs (4)

  • CVE-2023-28909HigJun 28, 2025
    risk 0.52cvss 8.0epss 0.01

    A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability…

  • CVE-2023-29113MedJun 28, 2025
    risk 0.41cvss 6.3epss 0.00

    The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented…

  • CVE-2023-28912MedJun 28, 2025
    risk 0.37cvss 5.7epss 0.00

    The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data. The vulnerability was originally discovered in Skoda Superb…

  • CVE-2023-28904MedJun 28, 2025
    risk 0.34cvss 5.2epss 0.00

    A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process.