CVE-2023-23590

HIGH

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 - Unauthenticated Denial of Service via API Request

Title source: llm

Description

Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.

References (2)

Core 2

Core References

Various Sources

https://medium.com/%40windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358

Vendor Advisory

https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage

Scores

CVSS v3 7.5

EPSS 0.2644

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (1)

mercedes-benz/xentry_retail_data_storage_firmware 7.8.1

Published Jan 15, 2023

Tracked Since Feb 18, 2026