CVE-2024-46442
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk41th percentile - higher than 41% of all known CVEs
Summary
A vulnerability in BYD Dilink Headunit System versions 3.0 to 4.0 allows attackers to bypass authentication via a brute-force attack. The flaw is due to the lack of login attempt restrictions.
Risk Assessment
An attacker could gain unauthorized access to the vehicle's infotainment system, potentially leading to user privacy breaches or manipulation of vehicle settings.
Recommendation
Update the BYD Dilink Headunit System to the latest available version containing security fixes. Implement account lockout mechanisms after a defined number of failed login attempts.
Original NVD description (English source)
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.

