CVE-2023-26244
7.8 HIGH
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214
Published: 2023-04-27 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 7.8 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE: CWE-269, CWE-863
Affected products
| Vendor | Product |
|---|---|
| hyundai | gen5w_l_firmware |
Description
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2023-26244
- [Other] https://sowhat.iit.cnr.it
- [Exploit reference] https://sowhat.iit.cnr.it:8443/can-work/chimaera
- [Exploit reference] https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf
Related CVEs
Same vendor
- CVE-2023-26246 — An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214 (7.8 HIGH)
- CVE-2023-26245 — An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214 (7.8 HIGH)
- CVE-2023-26243 — An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214 (7.8 HIGH)
Same CWE
- CVE-2026-53860 — OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries... (4.2 MEDIUM)
- CVE-2026-53855 — OpenClaw before 2026.4.2 contains an inline-eval bypass vulnerability allowing authenticated operators to weaken strict allowlist checks ... (8.1 HIGH)
- CVE-2026-53854 — OpenClaw before 2026.4.25 contains a privilege escalation vulnerability in internal and webchat command authentication that allows sender... (6.5 MEDIUM)
- CVE-2026-53853 — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
- CVE-2024-38487 — api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unint... (7.0 HIGH)