CVE Catalog

CVE-2024-46442

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile - higher than 41% of all known CVEs

Summary

A vulnerability in BYD Dilink Headunit System versions 3.0 to 4.0 allows attackers to bypass authentication via a brute-force attack. The flaw is due to the lack of login attempt restrictions.

Risk Assessment

An attacker could gain unauthorized access to the vehicle's infotainment system, potentially leading to user privacy breaches or manipulation of vehicle settings.

Recommendation

Update the BYD Dilink Headunit System to the latest available version containing security fixes. Implement account lockout mechanisms after a defined number of failed login attempts.

Original NVD description (English source)

An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS