Model X Firmware
CVE-2020-29439
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.)
AnalysisAI
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) Affected products include: Tesla Model X Firmware. Version information: before 2020.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Model X Firmware
View allTesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. Rate
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob w
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today