Bosch Infotainment ECU Misconfiguration Vulnerability in Nissan Leaf ZE1

Vulnerability

A misconfiguration vulnerability has been identified in the infotainment electronic control unit (ECU) of the 2020 Nissan Leaf ZE1. This vulnerability arises during the startup phase of a specific systemd service, inadvertently activating certain developer features. As a result, the firewall is disabled, and the SSH server is launched, potentially allowing unauthorized access or control over the ECU.

Impact

Exploitation of this vulnerability could lead to remote access of the affected ECU, with the firewall disabled and the SSH server enabled, creating a potential vector for unauthorized control or manipulation of the vehicle's systems.

Added: Feb 15, 2026, 11:20 AM

Updated: Feb 15, 2026, 11:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.3

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.3

remediation

0.0

relevance

2.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Bosch Infotainment ECU Misconfiguration Vulnerability in Nissan Leaf ZE1

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating