VDB
CVE-2019-9493
CVE-2019-9493
PUBLISHED
CVSS 6.5 MEDIUM
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.
EPSS 9.17% · 92.8th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
9.17%
92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mycarcontrols | mycar_controls | 0, 0 |
| AutoMobility Distribution Inc. | MyCar Controls | unspecified, unspecified |
Timeline
- Jan 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- VU#174715 third-party-advisory
- https://www.securityfocus.com/bid/107827 vdb
- https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control url
- https://mycarcontrols.com/ url
- https://itunes.apple.com/us/app/mycar-controls/id1126511815 url
- https://nvd.nist.gov/vuln/detail/CVE-2019-9493 advisory
- https://mycarcontrols.com url
- https://www.kb.cert.org/vuls/id/174715 url