Main Vulnerability Database Vulnerabilities #VU26321

#VU26321 Input validation error in Tesla Model 3 - CVE-2020-10558

Published: March 23, 2020 / Updated: January 24, 2023

Vulnerability identifier: #VU26321

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-10558

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Tesla Model 3

Software vendor:
Tesla

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to due to improper process separation in the driving interface. A remote attacker can trick a victim to visit a crafted webpage, crash the chromium-based browser interface and inherently crash the entire Tesla Model 3 interface.

Successful exploitation of this vulnerability allows a remote attacker to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen.

Remediation

Install updates from vendor's website.

External links

https://safekeepsecurity.com/about/cve-2020-10558/

#VU26321 Input validation error in Tesla Model 3 - CVE-2020-10558

Description

Remediation

External links

Please verify you're human