{"vulnerability": "CVE-2023-34404", "sightings": [{"uuid": "5651cd74-d883-42b6-bf84-766781e71de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672", "content": "", "creation_timestamp": "2025-01-17T13:35:06.709240Z"}, {"uuid": "ba8e61e5-81fb-46a9-b1bd-3f6301ffae3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "Telegram/opwyOXbsDByYjS5mLV1ENDJYyh7aq-rIwRzZRs0v4yzCauh-", "content": "", "creation_timestamp": "2025-02-14T10:09:24.000000Z"}, {"uuid": "f0144b10-1169-4b10-b118-35b3eb5bc21b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li3sy6dx3f2c", "content": "", "creation_timestamp": "2025-02-13T23:15:36.504041Z"}, {"uuid": "059afb82-bddf-43a7-aab0-21acc134b810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li3xgddvx32v", "content": "", "creation_timestamp": "2025-02-14T00:35:08.501550Z"}, {"uuid": "afcb0033-ae27-403e-b722-03e74e51b22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloapb7s2d", "content": "", "creation_timestamp": "2025-02-18T15:36:47.397233Z"}, {"uuid": "c9955a02-92c2-4b21-a82a-2f67c79de34d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn22d", "content": "", "creation_timestamp": "2025-02-18T15:36:48.111662Z"}, {"uuid": "fb67db29-726c-4851-bc4e-71b1c937fbc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3lihloc6vn32d", "content": "", "creation_timestamp": "2025-02-18T15:36:48.810758Z"}, {"uuid": "18b9fc95-5c74-4a71-bd46-0b049c82d091", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4382", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34404\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2025-02-13T23:15:09.553\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://securelist.com/mercedes-benz-head-unit-security-research/115218/", "creation_timestamp": "2025-02-14T01:11:29.000000Z"}, {"uuid": "20ac66d7-ab4c-4c11-b166-f914c780a2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4393", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34404\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability.\n\ud83d\udccf Published: 2025-02-14T00:30:44Z\n\ud83d\udccf Modified: 2025-02-14T00:30:44Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-34404\n2. https://securelist.com/mercedes-benz-head-unit-security-research/115218", "creation_timestamp": "2025-02-14T01:15:23.000000Z"}, {"uuid": "9ee5dcbc-89d7-42f7-8ed0-954680561a13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/cvedetector/18060", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-34404 - Mercedes-Benz NTG6 Command Injection in Ethernet Interface\", \n  \"Content\": \"CVE ID : CVE-2023-34404 \nPublished : Feb. 13, 2025, 11:15 p.m. | 33\u00a0minutes ago \nDescription : Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Attacker can connect to these pins and get access to internal network. As a result, by accessing a specific port an attacker can send call request to all registered services in router and achieve command injection vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T01:32:25.000000Z"}, {"uuid": "a6558b37-2032-43e5-93c9-d28d7d3821ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34404", "type": "seen", "source": "https://t.me/true_secator/6638", "content": "\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0438\u0437 \u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u043e\u0433\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u043e\u0435\u0433\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0441\u043c\u043e\u0433\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c 13 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\u00a0\u0432 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e-\u0440\u0430\u0437\u0432\u043b\u0435\u043a\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 Mercedes-Benz User Experience (MBUX) \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043f\u043e\u043a\u043e\u043b\u0435\u043d\u0438\u044f.\n\n\u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043d\u043e\u0439 \u0442\u043e\u0447\u043a\u0438 \u0432 \u0438\u0437\u0443\u0447\u0435\u043d\u0438\u0438 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 MBUX \u0438 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u044b\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u043e\u0442\u0447\u0435\u0442 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u043e\u0439 KeenLab \u043e\u0442 2021 \u0433\u043e\u0434\u0430.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432 \u041b\u041a \u0441\u043e\u0441\u0440\u0435\u0434\u043e\u0442\u043e\u0447\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u043d\u0430\u043b\u0438\u0437\u0435 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c MBUX, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u043d\u0435 \u0431\u044b\u043b\u043e \u0443\u0434\u0435\u043b\u0435\u043d\u043e \u0434\u043e\u043b\u0436\u043d\u043e\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0438\u0445 \u043a\u043e\u043b\u043b\u0435\u0433\u0430\u043c\u0438: \u0434\u0438\u0430\u0433\u043d\u043e\u0441\u0442\u0438\u043a\u0430 (CAN, UDS \u0438 \u0442.\u0434.), \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c USB \u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u044b \u043c\u0435\u0436\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043d\u043e\u0433\u043e \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f (IPC).\n\n\u0412 \u0445\u043e\u0434\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u0430\u043c \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0442\u0435\u0441\u0442\u043e\u0432\u0443\u044e \u043c\u043e\u0434\u0435\u043b\u044c \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u0433\u043e \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u0442\u044c \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0430 \u0440\u0435\u0430\u043b\u044c\u043d\u043e\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435 (\u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0440\u0430\u0437\u0446\u0430 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043b\u0438 Mercedes B180), \u043a \u043a\u043e\u0442\u043e\u0440\u043e\u043c\u0443 \u0438\u043c\u0435\u043b\u0441\u044f \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f.\n\n\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f DoS-\u0430\u0442\u0430\u043a, \u0432 \u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043a\u0430\u043a \u0434\u0440\u0443\u0433\u0438\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u044b\u0445, \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439.\n\n\u041f\u043e \u0441\u043b\u043e\u0432\u0430\u043c \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0438\u043c\u0435\u044e\u0449\u0438\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044e, \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043e\u0442 \u043a\u0440\u0430\u0436\u0438 \u0432 \u0433\u043e\u043b\u043e\u0432\u043d\u043e\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0435, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \u0438 \u0440\u0430\u0437\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u043b\u0430\u0442\u043d\u044b\u0435 \u0443\u0441\u043b\u0443\u0433\u0438.\n\n\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 USB, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0443\u044e \u043e\u0431\u044b\u0447\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e. \n\n\u0412 \u0446\u0435\u043b\u043e\u043c, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0438 \u0437\u0430\u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u043b\u044f \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c: CVE-2024-37601 - CVE-2024-37603, CVE-2023-34397 - CVE-2023-34404, CVE-2023-34406.\n\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043f\u043e \u043a\u0430\u0436\u0434\u043e\u0439 CVE - \u0437\u0434\u0435\u0441\u044c, \u0430 \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 - \u0432 \u043e\u0442\u0447\u0435\u0442\u0435.", "creation_timestamp": "2025-01-20T18:30:05.000000Z"}]}