CVE-2023-26244

Name of the Vulnerable Software and Affected Versions Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214

Description An issue was discovered in the Hyundai Gen5W L in-vehicle infotainment system. The AppDMClient binary file can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.

Recommendations For Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214, as a temporary workaround, consider restricting access to the AppDMClient binary file until a patch is available. Additionally, avoid using custom versions of AppUpgrade and .lge.upgrade.xml files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.