CVE-2018-18071

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.
References
Link Resource
https://vuldb.com/?id.125081 Exploit Third Party Advisory VDB Entry
https://www.scip.ch/en/?labs.20180405 Exploit Technical Description Third Party Advisory
https://vuldb.com/?id.125081 Exploit Third Party Advisory VDB Entry
https://www.scip.ch/en/?labs.20180405 Exploit Technical Description Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mercedes-benz:mercedes_me:2.11.0:*:*:*:*:iphone_os:*:*

History

21 Nov 2024, 03:55

Type Values Removed Values Added
References () https://vuldb.com/?id.125081 - Exploit, Third Party Advisory, VDB Entry () https://vuldb.com/?id.125081 - Exploit, Third Party Advisory, VDB Entry
References () https://www.scip.ch/en/?labs.20180405 - Exploit, Technical Description, Third Party Advisory () https://www.scip.ch/en/?labs.20180405 - Exploit, Technical Description, Third Party Advisory

Information

Published : 2018-10-09 09:29

Updated : 2024-11-21 03:55


NVD link : CVE-2018-18071

Mitre link : CVE-2018-18071

CVE.ORG link : CVE-2018-18071


JSON object : View

Products Affected

mercedes-benz

  • mercedes_me
CWE
CWE-319

Cleartext Transmission of Sensitive Information