PT-2020-18526 · Toyota · Toyota Dcu

Published: 2020-03-30 · Updated: 2020-04-03 · CVE-2020-5551

CVSS v2.0: 5.4 (Medium)

Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Toyota 2017 Model Year DCU (Display Control Unit) versions installed in vehicles manufactured from Oct. 2016 to Oct. 2019

Description

The issue allows an unauthenticated attacker within Bluetooth range to cause a denial of service and/or execute an arbitrary command. An attacker with certain knowledge of the target vehicle's control system may be able to send some diagnostic commands to ECUs, with limited impact on availability. However, critical vehicle controls such as driving, turning, and stopping are not affected.

Recommendations

For Toyota 2017 Model Year DCU (Display Control Unit) versions installed in vehicles manufactured from Oct. 2016 to Oct. 2019, consider restricting Bluetooth connectivity when it is not necessary, to minimize the risk of exploitation. As a temporary workaround, limiting access to diagnostic commands may help reduce the impact of potential attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2020-5551

Affected Products

Toyota Dcu