CVE-2020-16142

LOW

Mercedes-benz Comand - Format String Vulnerability

Title source: rule
STIX 2.1

Description

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.

References (1)

Scores

CVSS v3 3.5
EPSS 0.0009
EPSS Percentile 24.7%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

CWE
CWE-134
Status published
Products (1)
mercedes-benz/comand
Published Aug 27, 2020
Tracked Since Feb 18, 2026