CVE-2016-9337: Command Injection
First published: Mon Feb 13 2017(Updated: )
An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tesla Gateway Ecu |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9337?
CVE-2016-9337 is considered a high severity vulnerability due to its potential to allow remote attacks on Tesla vehicles.
How do I fix CVE-2016-9337?
To fix CVE-2016-9337, update the Tesla Model S firmware to version 7.1 (2.36.31) or later.
What devices are affected by CVE-2016-9337?
CVE-2016-9337 affects Tesla Motors Model S vehicles with web browser functionality and firmware versions prior to 7.1 (2.36.31).
Can CVE-2016-9337 lead to remote code execution?
Yes, CVE-2016-9337 can allow an attacker to execute remote commands and potentially install malicious software.
Is there a known exploit for CVE-2016-9337?
Details about exploits for CVE-2016-9337 have been reported, indicating that the vulnerability can be exploited under certain conditions.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/tesla
- canonical/tesla gateway ecu