CVE-2024-37603

MEDIUM Year: 2024
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-843
View all →

Vulnerability Description

An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.

Related Vulnerabilities

CVE-2022-3903

MEDIUM
CVSS:4.6(Medium)

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to ...

CWE-8432022

CVE-2021-33624

MEDIUM
CVSS:4.7(Medium)

In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locat...

CWE-8432021

CVE-2021-0352

MEDIUM
CVSS:4.4(Medium)

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for...

CWE-8432021

CVE-2023-20747

MEDIUM
CVSS:4.4(Medium)

In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation...

CWE-8432023

CVE-2025-32352

MEDIUM
CVSS:4.8(Medium)

A type confusion vulnerability in lib/NSSAuthenticator.php in ZendTo before v5.04-7 allows remote attackers to bypass authentication for users with passwords stored as MD5 hashes that can be interpret...

CWE-8432025

CVE-2023-24599

MEDIUM
CVSS:4.3(Medium)

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

CWE-8432023