Root Access Vulnerability in Harman Infotainment System via USB-to-Ethernet
CVE-2023-40291

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Harman Infotainment
Vendor: CVE Published:; 14 August 2023

What is CVE-2023-40291?

The Harman Infotainment system 20190525031613 has a security flaw that allows unauthorized root access through SSH when connected via a USB-to-Ethernet dongle. This vulnerability stems from the use of a weak password based on an internal project name, posing significant risks to the security and privacy of connected vehicles. Users are urged to take precautionary measures until an official patch is provided.

References

https://autohack.in/2023/07/26/dude-its-my-car-how-to-dev...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Aug 14, 2023

Samsung

What is CVE-2023-40291?

References

CVSS V3.1

Timeline