VYPR
Vendor

Visteon

Products
3
CVEs
13
Across products
15
Status
Private

Products

3

Recent CVEs

13
  • CVE-2025-32058CriFeb 15, 2026
    risk 0.60cvss 9.3epss 0.00

    The Infotainment ECU manufactured by Bosch uses a RH850 module for CAN communication. RH850 is connected to infotainment over the INC interface through a custom protocol. There is a vulnerability during processing requests of this protocol on the V850 side which allows an…

  • CVE-2025-32062HigFeb 15, 2026
    risk 0.57cvss 8.8epss 0.00

    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a…

  • CVE-2025-32061HigFeb 15, 2026
    risk 0.57cvss 8.8epss 0.00

    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a…

  • CVE-2025-32059HigFeb 15, 2026
    risk 0.57cvss 8.8epss 0.00

    The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a…

  • CVE-2024-8357HigNov 22, 2024
    risk 0.51cvss 7.8epss 0.00

    Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to…

  • CVE-2024-8356HigNov 22, 2024
    risk 0.51cvss 7.8epss 0.00

    Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the…

  • CVE-2025-32063MedFeb 15, 2026
    risk 0.44cvss 6.8epss 0.00

    There is a misconfiguration vulnerability inside the Infotainment ECU manufactured by BOSCH. The vulnerability happens during the startup phase of a specific systemd service, and as a result, the following developer features will be activated: the disabled firewall and the…

  • CVE-2024-8360MedNov 22, 2024
    risk 0.44cvss 6.8epss 0.01

    Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to…

  • CVE-2024-8359MedNov 22, 2024
    risk 0.44cvss 6.8epss 0.01

    Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit…

  • CVE-2024-8358MedNov 22, 2024
    risk 0.44cvss 6.8epss 0.01

    Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit…

  • CVE-2024-8355MedNov 22, 2024
    risk 0.44cvss 6.8epss 0.01

    Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment system. Authentication is not required to exploit this…

  • CVE-2025-32057MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL…

  • CVE-2026-49318LowMay 29, 2026
    risk 0.16cvss 2.4epss 0.00

    Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during…