CVE-2024-39339

HIGH

Smartplay headunits - Info Disclosure

Title source: llm

Description

A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity.

References (2)

[Various Sources] https://docs.google.com/document/d/1S-d8zyZreYYGSIr4zGww6F2iBfD63v10Z3YVbGnp2es/edit?usp=sharing

[Various Sources] https://mohammedshine.github.io/CVE-2024-39339.html

Scores

CVSS v3 7.5

EPSS 0.0036

EPSS Percentile 58.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-922

Status published

Published Sep 18, 2024

Tracked Since Feb 18, 2026