CVE-2020-10558

MEDIUM

Tesla Model 3 Web Interface < 2020.4.10 - Denial of Service via Improper Process Separation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-10558. PoCs published by nullze, AmazingOut.

AI-analyzed exploit summary This repository contains a README file describing a Denial of Service (DoS) vulnerability in Tesla vehicles (CVE-2020-10558). The vulnerability affects the central touchscreen, disabling features like Autopilot notifications and the speedometer. No exploit code is provided.

Description

The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen.

Exploits (3)

nomisec WRITEUP 14 stars
by nullze · poc
https://github.com/nullze/CVE-2020-10558

This repository contains a README file describing a Denial of Service (DoS) vulnerability in Tesla vehicles (CVE-2020-10558). The vulnerability affects the central touchscreen, disabling features like Autopilot notifications and the speedometer. No exploit code is provided.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Tesla Model 3 (and potentially other Tesla vehicles)
No auth needed
Prerequisites: Access to the Tesla vehicle's web browser or a malicious webpage visited by the vehicle
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by AmazingOut · poc
https://github.com/AmazingOut/Tesla-CVE-2020-10558

The repository contains only a README.md file with a title mentioning CVE-2020-10558 but no exploit code or technical details. It appears to be a placeholder or incomplete submission.

Classification
Stub 10%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Tesla Model 3 (version unspecified)
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WRITEUP
poc
https://github.com/nuzzl/cve-2020-10558

This repository provides a detailed write-up and references for CVE-2020-10558, a DoS vulnerability affecting Tesla vehicles. The vulnerability allows an attacker to disable critical UI components like the speedometer and autopilot notifications via a web-based attack.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Tesla Model 3 (and potentially other Tesla vehicles)
No auth needed
Prerequisites: Access to the Tesla vehicle's web browser interface
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://safekeepsecurity.com/about/cve-2020-10558/
Exploit, Third Party Advisory x_refsource_misc
https://cylect.io/blog/Tesla_Model_3_Vuln/

Scores

CVSS v3 6.5
EPSS 0.3348
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

Status published
Products (1)
tesla/model_3_web_interface < 2020.4.10
Published Mar 20, 2020
Tracked Since Feb 18, 2026