CVE-2023-26245

Name of the Vulnerable Software and Affected Versions Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214

Description An issue was discovered in the Hyundai Gen5W L in-vehicle infotainment system. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version, such as newer, older, or customized. This indirectly allows an attacker to install custom firmware in the IVI system.

Recommendations For Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214, as a temporary workaround, consider restricting access to the AppUpgrade binary file until a patch is available. Additionally, avoid using the firmware installation process with untrusted firmware versions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.