Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers to cause a denial of service (device restart) via an unauthenticated API request. The attacker must be on the same network as the device.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
24 Jan 2023, 17:02
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mercedes-benz
Mercedes-benz xentry Retail Data Storage Mercedes-benz xentry Retail Data Storage Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:mercedes-benz:xentry_retail_data_storage_firmware:7.8.1:*:*:*:*:*:*:* cpe:2.3:h:mercedes-benz:xentry_retail_data_storage:-:*:*:*:*:*:*:* |
|
References | (MISC) https://b2bconnect.mercedes-benz.com/gb/workshop-solutions/diagnosis/retail-data-storage - Vendor Advisory | |
References | (MISC) https://medium.com/@windsormoreira/xentry-retail-data-storage-v7-8-1-denial-of-service-cve-2023-23590-60b65f5fa358 - Exploit, Third Party Advisory |
15 Jan 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-15 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23590
Mitre link : CVE-2023-23590
CVE.ORG link : CVE-2023-23590
JSON object : View
Products Affected
mercedes-benz
- xentry_retail_data_storage
- xentry_retail_data_storage_firmware
CWE