VYPR
Vendor

Hyundai

Products
9
CVEs
11
Across products
17
Status
Private

Products

9

Recent CVEs

11
  • CVE-2023-26246HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This…

  • CVE-2023-26245HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any…

  • CVE-2023-26244HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade…

  • CVE-2023-26243HigApr 27, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An…

  • CVE-2017-6054HigApr 26, 2017
    risk 0.49cvss 7.5epss 0.02

    A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.

  • CVE-2025-55618HigAug 27, 2025
    risk 0.47cvss 7.3epss 0.00

    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.

  • CVE-2022-37418MedAug 24, 2022
    risk 0.42cvss 6.4epss 0.01

    The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack.…

  • CVE-2019-14360MedNov 2, 2019
    risk 0.30cvss 4.6epss 0.00

    On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in…

  • CVE-2017-6052LowApr 26, 2017
    risk 0.24cvss 3.7epss 0.01

    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.

  • CVE-2026-26011Feb 12, 2026
    risk 0.00cvss epss 0.01

    navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme…

  • CVE-2022-37305Aug 24, 2022
    risk 0.00cvss epss 0.01

    The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains…