Primary

Context

Tesla Model S Iris Modem Command Injection Code Execution Vulnerability

Vulnerability

Patched

A command injection vulnerability allowing local code execution has been identified in the Iris Modem of Tesla Model S vehicles. The issue arises in the ql_atfwd process, where user-supplied strings are not properly validated before being used in system calls. This lack of validation enables attackers with existing code execution capabilities on the system to execute arbitrary code on the modem with root privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected vehicle's modem, with root privileges.

Remediation

This vulnerability has been fixed in Tesla Firmware Version 2024.8.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tesla Model S Iris Modem Command Injection Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Tesla Model S

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating