CVE-2020-27524

HIGH

Audi A7 MMI <N+R_CN_AU_P0395 - Info Disclosure

Title source: llm

Description

On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.

References (3)

[Exploit, Third Party Advisory] https://www.youtube.com/watch?v=BQUVgAdhwQs

[Third Party Advisory] https://twitter.com/Kevin2600/status/1316380576593571840

[Exploit, Third Party Advisory] https://tiger-team-1337.blogspot.com/2020/10/audi-a7-2014-mmi-mishandles-format.html

Scores

CVSS v3 7.1

EPSS 0.0018

EPSS Percentile 38.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Details

CWE

CWE-134

Status published

Products (1)

audi/mmi_multiplayer n\+r_cn_au_p0395

Published Nov 11, 2020

Tracked Since Feb 18, 2026