HIGH🇬🇧 English

CVE-2024-6032

CVSS 7.8v3.0pub. 2025-04-30upd. 2025-08-12

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Tesla Model S

    HW
    Tesla
    wszystkie wersje
  • Tesla Model S Firmware

    OS
    Tesla
    < 2024.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2024-13943HIGH7.8ten sam produkt

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This ...

CVE-2024-6030HIGH7.0ten sam produkt

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attac...

CVE-2024-6031HIGH7.8ten sam produkt

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability all...

CVE-2022-27948HIGH7.2ten sam produkt

Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal co...

CVE-2024-6029MEDIUM5.0ten sam produkt

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjac...

CVE-2024-6032 — HIGH 7.8 | CVEbaza.pl