📦

customer-link_bridge

Name: customer-link_bridge
Author: WatchStack

Vendor: htc

Login to add this product to WatchStack

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.26% Exploit Prob.

Latest CVE CVE-2018-1170 Mar 02

Security Vulnerability Index

Page 1 / 1

8.8 CVSS

CVE-2018-1170

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Customer-Link App and Customer-Link Bridge. The issue results from the lack of a proper protection mechanism against unauthorized firmware updates. An attacker can leverage this vulnerability to inject CAN messages. Was ZDI-CAN-5264.

EPSS: 0.26%

Severity: HIGH

Mar 02, 2018

Displaying 1 of 1 Total Entries

1

Total 1 Sections