VYPR
Vendor

Mercedes-Benz

Products
10
CVEs
30
Across products
38
Status
Private

Products

10

Recent CVEs

30
View all 30 CVEs →
  • CVE-2023-34399CriFeb 13, 2025
    risk 0.64cvss 9.8epss 0.01

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The version of boost library contains vulnerability integer overflow.

  • CVE-2023-23590HigJan 15, 2023
    risk 0.51cvss 7.5epss 0.26

    Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.

  • CVE-2023-34402HigFeb 13, 2025
    risk 0.50cvss 7.7epss 0.00

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Inside file is encapsulate another file, which service will drop during processing. Due to missed checks, attacker can achieve Arbitrary File Write with service speech rights.

  • CVE-2023-34400HigFeb 13, 2025
    risk 0.49cvss 7.5epss 0.01

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. In case of parsing file, service try to define header inside the file and convert it to null-terminated string. If character is missed, will return null pointer.

  • CVE-2023-34398HigFeb 13, 2025
    risk 0.49cvss 7.5epss 0.01

    Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archive according boost library. The boost library contains a vulnerability/null pointer dereference.

  • CVE-2023-34397HigFeb 13, 2025
    risk 0.49cvss 7.5epss 0.01

    Mercedes Benz head-unit NTG 6 contains functions to import or export profile settings over USB. During parsing you can trigger that the service will be crashed.

  • CVE-2018-18071HigOct 9, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive…

  • CVE-2024-37600MedFeb 13, 2025
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With…

  • CVE-2021-23909MedMay 13, 2021
    risk 0.41cvss 6.3epss 0.02

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. The SH2 MCU allows remote code execution.

  • CVE-2018-18070MedOct 9, 2018
    risk 0.38cvss 5.9epss 0.01

    An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to…

  • CVE-2021-23910MedMay 13, 2021
    risk 0.35cvss 5.3epss 0.02

    An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. There is an out-of-bounds array access in RemoteDiagnosisApp.

  • CVE-2023-47393MedNov 22, 2023
    risk 0.34cvss 5.3epss 0.01

    An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.

  • CVE-2023-47392MedNov 22, 2023
    risk 0.34cvss 5.3epss 0.01

    An access control issue in Mercedes me IOS APP v1.34.0 and below allows attackers to view the carts of other users via sending a crafted add order request.

  • CVE-2023-34404MedFeb 13, 2025
    risk 0.32cvss 4.9epss 0.00

    Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve…

  • CVE-2023-34403MedFeb 13, 2025
    risk 0.32cvss 4.9epss 0.00

    Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to this pins and get access to internal network. A race condition can be acquired and attacker can spoof “UserData” with desirable file path and access it though backup…

  • CVE-2024-37603MedFeb 13, 2025
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an…

  • CVE-2024-37602MedFeb 13, 2025
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed.…

  • CVE-2024-37601MedFeb 13, 2025
    risk 0.30cvss 4.6epss 0.00

    An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an…

  • CVE-2019-19562MedNov 16, 2020
    risk 0.30cvss 4.6epss 0.00

    An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.

  • CVE-2019-19560MedNov 16, 2020
    risk 0.30cvss 4.6epss 0.00

    An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.