Headline
CVE-2023-39075: Renault ZOE Automotive Infotainment Vulnerability
Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.
Information
Vehicle model : Renault ZOE EV 2021
Software version : 283C35202R
CVE Assignment : CVE-2023-39075
Summary
We analyzed the vulnerabilities in the infotainment system of Renault’s ZOE EV vehicle and found a USB memory vulnerability that caused the infotainment to crash.
[Figure 1]] Vendor Reply E-mail
Analysis
TBD (No plans to go public yet.)
Impact
This attack could allow an attacker to abnormally shut down the vehicle’s infotainment system (resulting in an internal crash).
DEMO
Copyright
Donghyeon Jeong / dhje0ng(at)naver.com