MidnightBSD

Advisories for hyundai

CVE-2019-14360 LOW

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-203,

Products Affected

Vendor Product Version
hyundai kasse_hk-1000_firmware -
hyundai-pay hk-1000 -
CVE-2022-37418

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
hyundai hyundai_firmware *
kia kia_firmware *
nissan nissan_firmware *
CVE-2023-26243

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.

Products Affected

Vendor Product Version
hyundai gen5w_l_in-vehicle_infotainment_system_firmware ae_e_pe_eur.s5w_l001.001.211214
hyundai gen5w_l_in-vehicle_infotainment_system_firmware 5w.xxx.s5w_l.001.001.221129
CVE-2023-26244

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.

Products Affected

Vendor Product Version
hyundai gen5w_l_in-vehicle_infotainment_system_firmware ae_e_pe_eur.s5w_l001.001.211214
hyundai gen5w_l_in-vehicle_infotainment_system_firmware 5w.xxx.s5w_l.001.001.221129
CVE-2023-26245

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system.

Products Affected

Vendor Product Version
hyundai gen5w_l_in-vehicle_infotainment_system_firmware ae_e_pe_eur.s5w_l001.001.211214
hyundai gen5w_l_in-vehicle_infotainment_system_firmware 5w.xxx.s5w_l.001.001.221129
CVE-2023-26246

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system.

Products Affected

Vendor Product Version
hyundai gen5w_l_in-vehicle_infotainment_system_firmware ae_e_pe_eur.s5w_l001.001.211214
hyundai gen5w_l_in-vehicle_infotainment_system_firmware 5w.xxx.s5w_l.001.001.221129
CVE-2023-39373

 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
hyundai hyundai_2017_firmware -
CVE-2025-55618

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4

Products Affected

Vendor Product Version
hyundai navigation std5w.eur.hmc.230516.afa908d