Multiple Vulnerabilities in th... Note

Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System

Researchers discovered multiple vulnerabilities in the Mazda Connect Connectivity Master Unit (CMU) system, affecting models such as the Mazda 3 from 2014 to 2021. These vulnerabilities are caused by insufficient sanitization when handling user input. An attacker can exploit these vulnerabilities by connecting a specially crafted USB device, like an iPod, to the target system. The vulnerabilities include SQL injection, command injection, and missing root of trust in hardware.