CVE-2024-37602

CVSSv4: NA | CVSSv3: 4.6 | CVSSv2: NA | VMScore: 560 | EPSS: 0.00036 | KEV: Not Included
Published: 13/02/2025 Updated: 14/02/2025

Vulnerability Summary

Mercedes Benz NTG 6 Car Play NULL Pointer Dereference via Physical Ethernet Access

A NULL pointer dereference vulnerability exists in Mercedes Benz NTG 6 through 2021 within the Apple Car Play function. The issue requires physical access to the Ethernet pins of the head unit base board. An attacker can connect to the internal network using a static IP address and target the AirTunes / AirPlay service. By sending prepared HTTP requests, the attacker can cause the Car Play service to fail.

Recent Articles

Mercedes-Benz Head Unit security research report
Securelist • Kaspersky Security Services • 17 Jan 2025

Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX internals and understanding the architecture of the system. In our research we performed detailed analysis of the first generatio...