PT-2025-1207 · Mercedes Benz · MBUX, Mercedes Benz NTG

Published 2025-01-17 · Updated 2025-02-18 · CVE-2024-37600

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Mercedes Benz NTG (New Telematics Generation) versions 6 through 2021

Description

The issue is a possible stack buffer overflow in the Service Broker service of the Mercedes-Benz User Experience (MBUX) system, which can allow an attacker to execute arbitrary code or cause a denial of service. To exploit this issue, an attacker needs physical access to the Ethernet pins of the head unit base board and a static IP address on the internal network in order to reach the Service Broker service. The attacker can then send specially prepared HTTP requests that cause the Service Broker service to fail.

Recommendations

For Mercedes Benz NTG (New Telematics Generation) versions 6 through 2021, as a temporary workaround, restrict access to the Service Broker service until a patch is available. Additionally, secure physical access to the Ethernet pins of the head unit base board to prevent potential exploitation. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Stack Overflow

Related Identifiers

BDU:2025-00586
CVE-2024-37600

Affected Products

MBUX
Mercedes Benz NTG