CVE-2024-37600

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-121
View all →

Vulnerability Description

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the Service Broker service. With prepared HTTP requests, an attacker can cause the Service-Broker service to fail.

Related Vulnerabilities

CVE-2017-12732

MEDIUM
CVSS:6.8(Medium)

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowi...

CWE-1212017

CVE-2022-0650

MEDIUM
CVSS:6.8(Medium)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required ...

CWE-1212022

CVE-2022-24973

MEDIUM
CVSS:6.8(Medium)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required ...

CWE-1212022

CVE-2022-43625

MEDIUM
CVSS:6.8(Medium)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerabil...

CWE-1212022

CVE-2023-21414

MEDIUM
CVSS:6.8(Medium)

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provide...

CWE-1212023

CVE-2023-27333

MEDIUM
CVSS:6.8(Medium)

TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ...

CWE-1212023