CVE-2018-18071

Name of the Vulnerable Software and Affected Versions Daimler Mercedes-Benz Me app version 2.11.0-846

Description An issue in the Daimler Mercedes-Benz Me app allows the encrypted Connected Vehicle API data exchange between the app and a server to be intercepted. This could potentially allow unauthorized access to sensitive information such as latitude, longitude, and direction of travel, or enable malicious operations like unlocking the vehicle or using the Remote Parking Pilot.

Recommendations For Daimler Mercedes-Benz Me app version 2.11.0-846, consider restricting access to sensitive vehicle operations until a fix is available. As a temporary workaround, avoid using the app for critical functions like Remote Parking Pilot or unlocking the vehicle to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.