CVE-2016-9337

Name of the Vulnerable Software and Affected Versions Tesla Motors Model S automobile versions prior to 7.1 (2.36.31)

Description An issue was discovered in the vehicle's Gateway ECU, which is susceptible to commands that may allow an attacker to install malicious software. This could enable the attacker to send messages to the vehicle's CAN bus, resulting in a Command Injection. The web browser functionality must be enabled for this issue to be present.

Recommendations For versions prior to 7.1 (2.36.31), consider disabling the web browser functionality as a temporary workaround until a patch is available. Restrict access to the vehicle's Gateway ECU to minimize the risk of exploitation. Avoid using the vehicle's web browser functionality in the affected firmware versions until the issue is resolved.