CVE-2020-28656

MEDIUM Year: 2020
CVSS v3 Score
6.8
Medium
CVSS v2 Score
7.2
High
Weakness Type
CWE-354
View all →

Vulnerability Description

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.

Related Vulnerabilities

CVE-2020-5637

MEDIUM
CVSS:6.8(Medium)

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker with an administrative privilege to execute a malicious program.

CWE-3542020

CVE-2020-9118

MEDIUM
CVSS:6.8(Medium)

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacke...

CWE-3542020

CVE-2020-9210

MEDIUM
CVSS:6.8(Medium)

There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically ...

CWE-3542020

CVE-2022-30316

MEDIUM
CVSS:6.8(Medium)

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware up...

CWE-3542022

CVE-2023-24063

MEDIUM
CVSS:6.8(Medium)

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to ...

CWE-3542023

CVE-2024-31958

MEDIUM
CVSS:6.8(Medium)

An issue was discovered in Samsung Mobile Processor EExynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds Write.

CWE-3542024