CVE-2023-47393: Mercedes-Benz can download repair orders and contract orders at will
An access control issue in the Mercedes me iOS app v1.34.0 and below allows attackers to view the maintenance orders of other users and access sensitive user information via unspecified vectors.
Mercedes me iOS app: unauthorized access to maintenance booking orders
Affected version: app version <= 1.34.0
Test tool: iPhone 13 Pro, iOS 16.6.1 + Yakit 1.2.7
Vulnerability URL :
We can view other users' orders by traversing odd numbers.
Order information includes the 4S shop, the owner's phone number, name, model, date and other information.
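
The server-side control whose absence lets one account read another's orders, together with a log check for the traversal pattern described above. This is an added example, not code from the original report or from the vendor; the function names, account names, order numbers and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: order id -> owning account (not real values).
ORDER_OWNER = {1001: "alice", 1003: "bob", 1005: "carol", 1007: "dave", 1009: "alice"}

# Constructed access log: (authenticated account, requested order id).
ACCESS_LOG = [
    ("alice", 1001), ("alice", 1009),
    ("acct-x", 1001), ("acct-x", 1003), ("acct-x", 1005), ("acct-x", 1007),
    ("bob", 1003),
]


def may_view_order(account, order_id, owners=ORDER_OWNER):
    """Object-level check: only the owning account may read an order."""
    return owners.get(order_id) == account


def fetch_order(account, order_id, owners=ORDER_OWNER):
    """Return an HTTP-like status for an order lookup.

    Unknown ids and ids owned by someone else both return 404, so the
    response does not reveal which order numbers exist.
    """
    if not may_view_order(account, order_id, owners):
        return 404
    return 200


def flag_enumeration(log, owners=ORDER_OWNER, threshold=3):
    """Flag accounts that requested >= threshold distinct orders they do not own."""
    foreign = defaultdict(set)
    for account, order_id in log:
        if not may_view_order(account, order_id, owners):
            foreign[account].add(order_id)
    return {a: sorted(ids) for a, ids in foreign.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print(fetch_order("alice", 1001), fetch_order("acct-x", 1003))
    print(flag_enumeration(ACCESS_LOG))
```
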