Oncord+ Android Infotainment System ADB Port Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in Oncord+ Android Infotainment Systems running Android 12, model TS17, hardware part number F57L_V3.2_20220301, and build number K24-2023/05/09-v0.01. The issue arises from improper access control on the ADB port, which allows attackers to execute arbitrary code remotely.
Impact
Exploitation of this vulnerability grants root access to the infotainment unit.
Reproduction
The vulnerability can be reproduced by accessing the ADB port on the affected device. This can be done by connecting the device to a computer and using ADB commands to execute arbitrary code. The exploitation process may involve uploading a malicious script that creates a persistent backdoor on the device.
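As a defensive check for the ADB exposure described above, the following added example (not part of the original advisory and not vendor code) audits a device's getprop output for settings that weaken ADB access control. The advisory does not say which settings are at fault on this unit; the properties checked are standard Android ones, and the sample dump is constructed.

```python
import re

# Constructed sample of `getprop` output; not taken from the affected unit.
SAMPLE_GETPROP = """\
[ro.adb.secure]: [0]
[ro.debuggable]: [1]
[ro.secure]: [0]
[persist.adb.tcp.port]: [5555]
[sys.usb.config]: [mtp,adb]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")


def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_adb(props):
    """Return a list of (property, finding) pairs for risky ADB settings."""
    findings = []
    # ro.adb.secure=1 requires the host's RSA key to be authorized on the device.
    if props.get("ro.adb.secure", "0") != "1":
        findings.append(("ro.adb.secure", "not 1: host key authorization may not be enforced"))
    if props.get("ro.secure", "1") == "0":
        findings.append(("ro.secure", "adbd may keep root privileges"))
    if props.get("ro.debuggable", "0") == "1":
        findings.append(("ro.debuggable", "debuggable build: adbd can be restarted as root"))
    # A positive TCP port makes adbd listen on the network, not only on USB.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        port = props.get(key, "")
        if port.isdigit() and int(port) > 0:
            findings.append((key, f"adbd configured to listen on TCP port {port}"))
    for key in ("sys.usb.config", "persist.sys.usb.config"):
        if "adb" in props.get(key, "").split(","):
            findings.append((key, "USB debugging is enabled"))
    return findings


if __name__ == "__main__":
    for prop, finding in audit_adb(parse_getprop(SAMPLE_GETPROP)):
        print(f"{prop}: {finding}")
```

On a unit you administer, pass the output of adb shell getprop in place of the sample; an empty result means none of these particular settings is exposed, not that the unit is unaffected.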
