#VU26321 Input validation error in Tesla Model 3 - CVE-2020-10558
Published: March 23, 2020 / Updated: January 24, 2023
Vulnerability identifier: #VU26321
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-10558
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Tesla Model 3
Tesla Model 3
Software vendor:
Tesla
Tesla
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to due to improper process separation in the driving interface. A remote attacker can trick a victim to visit a crafted webpage, crash the chromium-based browser interface and inherently crash the entire Tesla Model 3 interface.
Successful exploitation of this vulnerability allows a remote attacker to disable the speedometer, web browser, climate controls, turn signals, navigation, autopilot notifications, and blinker notifications along with other miscellaneous functions from the main screen.
Remediation
Install updates from vendor's website.