CVE-2023-39075

medium

Description

Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-39075

https://blog.jhyeon.dev/posts/vuln/202307/renault-zoe/

https://blog.dhjeong.kr/posts/vuln/202307/renault-zoe/

https://blog.dhjeong.kr/posts/automotive/2023/12/how-to-fuzzing-realcars/

Details

Source: Mitre, NVD

Published: 2023-08-03

Updated: 2023-12-12

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H