CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 1CVE-2023-40293
https://notcve.org/view.php?id=CVE-2023-40293
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. • https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40292
https://notcve.org/view.php?id=CVE-2023-40292
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. • https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40291
https://notcve.org/view.php?id=CVE-2023-40291
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name. • https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car •