Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key.
References
Link | Resource |
---|---|
https://fmsh-seclab.github.io/ | Exploit Technical Description Third Party Advisory |
https://github.com/fmsh-seclab/TesMla | Third Party Advisory |
https://youtu.be/cPhYW5FzA9A | Exploit Third Party Advisory |
Configurations
History
23 Sep 2022, 13:20
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://fmsh-seclab.github.io/ - Exploit, Technical Description, Third Party Advisory | |
References | (MISC) https://github.com/fmsh-seclab/TesMla - Third Party Advisory | |
References | (MISC) https://youtu.be/cPhYW5FzA9A - Exploit, Third Party Advisory | |
First Time |
Tesla model 3 Firmware
Tesla tesla Tesla Tesla model 3 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:o:tesla:model_3_firmware:11.0:*:*:*:*:*:*:* cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:* cpe:2.3:a:tesla:tesla:4.23:*:*:*:*:android:*:* |
|
CWE | CWE-290 |
16 Sep 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-16 22:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37709
Mitre link : CVE-2022-37709
CVE.ORG link : CVE-2022-37709
JSON object : View
Products Affected
tesla
- model_3_firmware
- model_3
- tesla
CWE
CWE-290
Authentication Bypass by Spoofing