List of CVEs for Me

I am an experienced Vulnerability Researcher and Security Architect with 16+ years of experience in various verticals and horizontals, be it consumer electronics, semiconductors, automotive or other. I started as a software engineer in low-level embedded devices, writing everything from applications to kernel drivers on various operating systems, and then moved to my real calling, i.e. hacking. I love to stick to the older golden days of game hacking, BBS, shareware, phreaking, phrack, the virus era, metal music, cheats and much more such cool stuff from the underground. I wear many hats from time to time as necessary, but I also love to help people and organizations deal with the core cybersecurity issues and not provide them a checklist with a presentation. Opinions and posts on my site are purely my own and do not reflect my work.

I am absolutely no fan of reporting CVEs and never wanted to publish anything. But one of my good friends convinced me after a heated and controversial debate to do so. Therefore I decided to start logging them on the CVE site here – https://cveform.mitre.org

| CVE Number | Description | What I feel |
|---|---|---|
| CVE-2023-40291 | Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name | It's very trivial |
| CVE-2023-40292 | Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. | Requires some Wireshark stuff |
| CVE-2023-40293 | Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. | Needs some idea of D-Bus and Python |
| CVE-2019-25153 | Unassigned yet | |




