Description
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware.
The vulnerability was discovered on a Škoda Superb III (3V3) – 2.0 TDI manufactured in 2022.
Advisory Details
- CVE ID: CVE-2023-28897
- Affected Products: MIB3 Infotainment Unit
- Problem Type: CWE-798 Use of Hard-coded Credentials
- CAPEC ID: CAPEC-115 Authentication Bypass
- Published: Jan 12, 2024