CVE-2024-6032 – Tesla Model S Iris Modem Command Injection Code Execution Vulnerability

April 30, 2025

CVE ID : CVE-2024-6032

Published : April 30, 2025, 8:15 p.m. | 2 hours, 54 minutes ago

Description : Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability.

The specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-27611 – Base-x Unvalidated User Input Address Manipulation Vulnerability

Next Article CVE-2024-6031 – Tesla Model S oFono AT Command Heap Buffer Overflow Code Execution Vulnerability

Highlights

CVE-2025-5789 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

June 6, 2025

CVE ID : CVE-2025-5789

Published : June 6, 2025, 6:15 p.m. | 1 hour, 33 minutes ago

Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

Championing Innovation as a Newly Named Databricks Champion

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2024-6032 – Tesla Model S Iris Modem Command Injection Code Execution Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Making it stick: How to get the most out of cybersecurity training

L’adozione di RISC-V nelle distribuzioni Enterprise Linux

“The Timeline Is Uncertain” — Steam and PayPal Divorce, and Valve Says It’s All About Money

Visual Studio Code now supports Baseline

CVE-2025-5789 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

Why I recommend this Nikon camera to most beginner photographers – especially at this price

I’ve fallen in love with this stunning 5K monitor and its built-in KVM switch — it’s ideal for my creative projects

CVE-2025-23269 – NVIDIA Jetson Linux Microarchitectural Predictor State Information Disclosure

CVE-2024-6032 – Tesla Model S Iris Modem Command Injection Code Execution Vulnerability

Related Posts