In BYD Atto3, an attacker can obtain an authentication key, which is permanently available, through a brute-force attack
The BYD Atto3 vehicle's Electronic Parking Brake and Supplemental Restoration System are vulnerable to a brute-force attack, which can allow an attacker to obtain an authentication key and gain access to these systems. This key can be used to flash the ECUs and potentially take control of the vehicle's systems. The attack requires physical access to the vehicle.
In BYD Atto3, an attacker can obtain an authentication key, which is permanently available, through a brute-force attack. The authentication key enables flashing of the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related ECUs.
Owners of BYD Atto3 vehicles are at high risk of unauthorized access to their vehicle's systems due to this vulnerability.
Remediation Recommended
This vulnerability carries significant risk. Schedule patching in your next cycle.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H