CVE-2024-6245 HIGH

CVE-2024-6245: Default Credentials in ssh service for SmartPlay in Maruti Suzuki

Vendor Faurecia Clarion Electronics Co., Ltd.
Product SmartPlay
Weakness CWE-1392
Published October 28, 2024
Last update November 7, 2024

CVSS base score

7.4/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50.

Key dates

02Disclosure timeline

October 28, 2024 CVE published
November 7, 2024 Record updated