CVE-2018-18071
HIGH
Mercedes-Benz Me 2.11.0-846 - Cleartext Transmission of Sensitive Information
Title source: llm
Description
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.
References (2)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.125081
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.scip.ch/en/?labs.20180405
Scores
CVSS v3
7.5
EPSS
0.0141
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
mercedes-benz/mercedes_me
2.11.0
Published
Oct 09, 2018
Tracked Since
Feb 18, 2026