CVE-2023-29389

Published: Apr 5, 2023

Modified: Feb 12, 2025

PUBLISHED

Description

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://kentindell.github.io/2023/04/03/can-injection/

https://news.ycombinator.com/item?id=35452963

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-29389

Description

Affected Products

References