Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
References
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Nov 2023, 04:07
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
24 Jan 2023, 17:02
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Mercedes-benz
Mercedes-benz xentry Retail Data Storage Mercedes-benz xentry Retail Data Storage Firmware |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-:*:*:*:*:*:*:* |
|
| References | (MISC) https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage - Vendor Advisory | |
| References | (MISC) https://medium.com/@windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358 - Exploit, Third Party Advisory |
15 Jan 2023, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-15 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23590
Mitre link : CVE-2023-23590
CVE.ORG link : CVE-2023-23590
JSON object : View
Products Affected
mercedes-benz
- xentry_retail_data_storage
- xentry_retail_data_storage_firmware
CWE