PT-2023-20561 · Hyundai · Hyundai Gen5W L
Published
2023-04-27
·
Updated
2025-01-31
·
CVE-2023-26246
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214
Description
An issue was discovered in the Hyundai Gen5W L in-vehicle infotainment system where the AppUpgrade binary file can be modified by an attacker to bypass the digital signature check. This allows an attacker to install custom firmware in the IVI system.
Recommendations
For Hyundai Gen5W L in-vehicle infotainment system version AE E PE EUR.S5W L001.001.211214, as a temporary workaround, consider restricting access to the AppUpgrade binary file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Incorrect Authorization
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hyundai Gen5W L