Bluetooth Stack Vulnerability in Volkswagen MIB3 Infotainment Systems
CVE-2023-28911
6.5 MEDIUM
Key Information:
- Vendor
- CVE Published: 28 June 2025
What is CVE-2023-28911?
A vulnerability exists in the Bluetooth stack of Volkswagen's MIB3 infotainment systems, stemming from insufficient validation of user-supplied data. The flaw can lead to arbitrary channel disconnections, which lets an attacker cause a denial of service (DoS) for all clients connected to the infotainment device. The vulnerability was initially identified in the Skoda Superb III vehicle featuring the MIB3 unit with OEM part number 3V0035820; additional affected models and OEM part numbers are listed in the referenced security advisories.
Affected Version(s)
Volkswagen MIB3 infotainment system MIB3 OI MQB 0 <= 0304
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mikhail Evdokimov from PCA Cyber Security (PCAutomotive)