CVE-2021-23906

LOW

Mercedes-Benz MBUX Infotainment System < 2021 - Remote Code Execution via HiQnet Protocol Message Length

Title source: llm
STIX 2.1

Description

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.

Scores

CVSS v3 1.8
EPSS 0.0080
EPSS Percentile 52.1%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-20
Status published
Products (1)
mercedes-benz/mercedes-benz_user_experience < 2021
Published May 13, 2021
Tracked Since Feb 18, 2026