MEDIUM🇵🇱 Wersja polska

CVE-2024-6029

CVSS 5.0v3.0pub. 2025-04-30upd. 2025-08-12

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the xtables lock. An attacker can leverage this vulnerability to bypass firewall rules. Was ZDI-CAN-23197.

CVSS Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Tesla Model S

    HW
    Tesla
    wszystkie wersje
  • Tesla Model S Firmware

    OS
    Tesla
    < 2024.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Race ConditionFirewall
CWE
References

Related vulnerabilities

CVE-2024-13943HIGH7.8ten sam produkt

Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This ...

CVE-2024-6030HIGH7.0ten sam produkt

Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attac...

CVE-2024-6031HIGH7.8ten sam produkt

Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability all...

CVE-2024-6032HIGH7.8ten sam produkt

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows lo...

CVE-2022-27948HIGH7.2ten sam produkt

Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal co...