Authentication Bypass Vulnerability in Tesla Model 3 Mobile App
CVE-2022-37709
5.3 MEDIUM
What is CVE-2022-37709?
The Tesla Model 3's Phone Key functionality is susceptible to authentication bypass through spoofing, enabling unauthorized access. Attackers can exploit the vulnerability by executing Man-in-the-Middle attacks within the Bluetooth Low Energy (BLE) channel, facilitating unauthorized entry into the vehicle. This security flaw allows malicious actors to unlock doors and potentially drive the car away by masquerading as a legitimate Phone Key user, raising serious concerns about vehicle security and user safety.

CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
