Tesla Model S oFono AT Command Heap-Based Buffer Overflow Code Execution Vulnerability

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the oFono component of Tesla Model S vehicles. It allows local attackers to execute arbitrary code. The flaw lies in the parsing of AT command responses, where the length of user-supplied data is not properly validated, and it can lead to code execution in the context of the device. To exploit this vulnerability, an attacker must first gain the ability to execute code on the target modem.
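
The kind of length validation the description refers to, as an added example that is not oFono or Tesla code: a parser that treats a modem response line as untrusted and bounds the payload before copying it to the heap. The response format `+XDATA: <len>,"<payload>"`, the function `parse_xdata` and the limit `XDATA_MAX` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical response format for this example: +XDATA: <len>,"<payload>" */
#define XDATA_MAX 32 /* largest payload the consumer is prepared to store */
enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2, PARSE_NOMEM = -3 };

/* Parses one response line received from the modem (untrusted input).
 * On success stores a malloc'd, NUL-terminated copy of the payload in *out. */
int parse_xdata(const char *line, char **out, size_t *out_len)
{
    static const char prefix[] = "+XDATA: ";
    const char *payload, *endq;
    unsigned long declared;
    size_t actual;
    char *end;

    *out = NULL;
    *out_len = 0;
    if (strncmp(line, prefix, sizeof(prefix) - 1) != 0)
        return PARSE_MALFORMED;
    line += sizeof(prefix) - 1;
    if (*line < '0' || *line > '9') /* strtoul alone would accept "-1" or spaces */
        return PARSE_MALFORMED;
    declared = strtoul(line, &end, 10);
    if (end[0] != ',' || end[1] != '"')
        return PARSE_MALFORMED;
    payload = end + 2;
    endq = strchr(payload, '"');
    if (endq == NULL || endq[1] != '\0')
        return PARSE_MALFORMED;
    actual = (size_t)(endq - payload);

    /* Bound the size by the destination capacity, and reject a declared
     * length that disagrees with the data actually present. */
    if (actual > XDATA_MAX || declared > XDATA_MAX)
        return PARSE_TOO_LONG;
    if (declared != actual)
        return PARSE_MALFORMED;

    *out = malloc(actual + 1); /* sized from the validated length */
    if (*out == NULL)
        return PARSE_NOMEM;
    memcpy(*out, payload, actual);
    (*out)[actual] = '\0';
    *out_len = actual;
    return PARSE_OK;
}
```

The caller owns the returned buffer and frees it; every rejected line leaves `*out` set to `NULL`.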

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected vehicle.

Remediation

This vulnerability has been fixed in Tesla Firmware Version 2024.2.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 7.5
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.