An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel.
References
Link | Resource |
---|---|
https://vuldb.com/?id.125081 | Exploit Third Party Advisory VDB Entry |
https://www.scip.ch/en/?labs.20180405 | Exploit Technical Description Third Party Advisory |
https://vuldb.com/?id.125081 | Exploit Third Party Advisory VDB Entry |
https://www.scip.ch/en/?labs.20180405 | Exploit Technical Description Third Party Advisory |
Configurations
History
21 Nov 2024, 03:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://vuldb.com/?id.125081 - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.scip.ch/en/?labs.20180405 - Exploit, Technical Description, Third Party Advisory |
Information
Published : 2018-10-09 09:29
Updated : 2024-11-21 03:55
NVD link : CVE-2018-18071
Mitre link : CVE-2018-18071
CVE.ORG link : CVE-2018-18071
JSON object : View
Products Affected
mercedes-benz
- mercedes_me
CWE
CWE-319
Cleartext Transmission of Sensitive Information