CVE-2020-16142
Severity: LOW
Mercedes-Benz COMAND - Format String Injection via Bluetooth Device Name
Title source: llm
Description
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
References (1)
Core References
Various Sources x_refsource_misc
https://medium.com/%40reliable_lait_mouse_975/mercedes-comand-infotainment-improper-format-strings-handling-4c67063d744e
Scores
CVSS v3: 3.5
EPSS: 0.0076
EPSS Percentile: 50.3%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Details
CWE: CWE-134
Status: published
Products (1): mercedes-benz/comand
Published: Aug 27, 2020
Tracked Since: Feb 18, 2026