HIGH🇬🇧 English

CVE-2023-32156

CVSS 8.8v3.1pub. 2024-05-03upd. 2025-08-13

Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. . Was ZDI-CAN-20734.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tesla Model 3

    HW
    Tesla
    wszystkie wersje
  • Tesla Model 3 Firmware

    OS
    Tesla
    2023.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-2082HIGH7.5ten sam produkt

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-ad...

CVE-2023-32155HIGH7.0ten sam produkt

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows l...

CVE-2023-32157HIGH7.5ten sam produkt

Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerabi...

CVE-2022-42430HIGH7.8ten sam produkt

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must ...

CVE-2022-42431HIGH7.8ten sam produkt

This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must ...

CVE-2023-32156 — HIGH 8.8 | CVEbaza.pl