CVE-2024-37603
MEDIUMMercedes-Benz NTG6 Head Unit - Denial of Service via User Data Import/Export Type Confusion
Title source: llmDescription
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.
References (1)
Core 1
Core References
Third Party Advisory
https://securelist.com/mercedes-benz-head-unit-security-research/115218/
Scores
CVSS v3
4.6
EPSS
0.0031
EPSS Percentile
22.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-843
Status
published
Products (1)
mercedes-benz/headunit_ntg6_mercedes-benz_user_experience
2021
Published
Feb 13, 2025
Tracked Since
Feb 18, 2026