PT-2025-32437 · Byd · Byd Dilink 3.0 Os
Published
2025-08-09
·
Updated
2025-08-09
·
CVE-2025-7020
CVSS v4.0
5.1
Medium
| Vector | AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/V:D/RE:H |
Name of the Vulnerable Software and Affected Versions:
BYD DiLink 3.0 OS (affected versions not specified)
Description:
An incorrect encryption implementation exists in the system log dump feature. An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment (IVI) unit's storage, allowing access to system logs containing sensitive data, including personally identifiable information (PII) and location data. This issue was introduced in a patch intended to fix a previous issue.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Byd Dilink 3.0 Os