CVE-2023-26243

7.8 HIGH
Published: April 27, 2023 Modified: April 06, 2026
View on NVD

Description

An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://sowhat.iit.cnr.it
Source: cve@mitre.org
Not Applicable
https://sowhat.iit.cnr.it:8443/can-work/chimaera
Source: cve@mitre.org
Exploit Third Party Advisory
https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf
Source: cve@mitre.org
Exploit Third Party Advisory
https://sowhat.iit.cnr.it
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://sowhat.iit.cnr.it:8443/can-work/chimaera
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://sowhat.iit.cnr.it:8443/can-work/chimaera/-/blob/main/Report/IIT-01-2023.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
0.0%
12th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-668 CWE-22

Affected Vendors

hyundai

Related CVEs

CVE-2026-5832 7.3
CVE-2026-5831 6.3
CVE-2026-5830 8.8
CVE-2026-5829 7.3
CVE-2026-5828 7.3