CNNVD-202506-3635 Information
CNNVD ID
CNNVD-202506-3635
Related CVE
- CNNVD Published: 2025-06-28
Description (Chinese)
Volkswagen MIB3 Infotainment是德国大众汽车(Volkswagen)公司的一款汽车上的信息娱乐系统。 Volkswagen MIB3 Infotainment存在安全漏洞,该漏洞源于引导加载程序组件中的RAM缓冲区溢出,可能导致物理访问攻击者绕过固件签名验证并在引导过程中执行任意代码。
Description (English)
Volkswagen MIB3 Information is an information and entertainment system in a car owned by Volkswagen. Volkswagen MIB3 Information has a security loophole, which stems from the spilling of the RAM buffer zone in the guided loading programme component, which may lead physical visitors to bypass the firmware signature verification and to enforce any code during the guide.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
大众汽车
Published
2025-06-28
Last Modified
2026-02-24
References
https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2/ https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-vw-mib3-infotainment-2 https://access.redhat.com/security/cve/cve-2023-28904
Patch
https://www.volkswagen.co.uk/en.html
Share on: