PT-2020-10188 · Mercedes Benz · Mercedes-Benz Hermes
Published: 2020-11-15 · Updated: 2021-07-21
CVE-2019-19560
CVSS v3.1: 4.6 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mercedes-Benz HERMES version 1.5
Description
The issue is related to an authentication bypass in the debug interface, allowing an attacker with physical access to the device hardware to obtain system information. This could also involve a misconfiguration that enables an attacker to obtain cellular modem information. The attacker must have direct physical access to the device hardware to exploit this issue.
Recommendations
For Mercedes-Benz HERMES version 1.5, as a temporary workaround, consider disabling the debug interface until a patch is available. Restrict physical access to device hardware to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Mercedes-Benz Hermes