CVE-2024-37600

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Feb 13, 2025

Updated: Feb 14, 2025

CWE ID 121

Summary

CVE-2024-37600 is a recently disclosed vulnerability affecting Mercedes Benz NTG 6 head units from 2021. This issue involves a potential stack buffer overflow in the Service Broker service, which can be exploited through prepared HTTP requests. Physical access to the head unit base board's Ethernet pins and a static IP address on the internal network are required for an attacker to connect and trigger the failure of the Service-Broker service. This vulnerability poses a risk for potential crashes and could potentially be used for more nefarious purposes. Mercedes Benz has not yet released a patch for this issue, so affected users are advised to take appropriate security measures to protect their vehicles.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database