Details of VAR-202201-1853

ID

VAR-202201-1853

CVE

CVE-2022-23126

TITLE

TeslaMate Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004103

DESCRIPTION

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. TeslaMate There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-23126 // JVNDB: JVNDB-2022-004103 // VULMON: CVE-2022-23126

IOT TAXONOMY

category:

['vehicle device']

sub_category:

vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	teslamate	model:	teslamate	scope:	lt	version:	1.25.1	Trust: 1.0
vendor:	teslamate	model:	teslamate	scope:	eq	version:	1.25.1	Trust: 0.8
vendor:	teslamate	model:	teslamate	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-004103 // NVD: CVE-2022-23126

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23126
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-23126
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202201-2250
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2022-23126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-23126
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2022-23126
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-23126
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2022-23126 // JVNDB: JVNDB-2022-004103 // CNNVD: CNNVD-202201-2250 // NVD: CVE-2022-23126

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-004103 // NVD: CVE-2022-23126

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-2250

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202201-2250

PATCH

title:	v1.25.1	url:	https://github.com/adriankumpf/teslamate/commit/fff6915e7364f83b3030f980d5743299c4e5260d	Trust: 0.8
title:	TeslaMate Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180011	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-23126 // JVNDB: JVNDB-2022-004103 // CNNVD: CNNVD-202201-2250

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23126	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-004103	Trust: 0.8
db:	CNNVD	id:	CNNVD-202201-2250	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2022-23126	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-23126 // JVNDB: JVNDB-2022-004103 // CNNVD: CNNVD-202201-2250 // NVD: CVE-2022-23126

REFERENCES

url:	https://twitter.com/teslascope/status/1481252837174624258	Trust: 2.5
url:	https://github.com/adriankumpf/teslamate/commit/fff6915e7364f83b3030f980d5743299c4e5260d	Trust: 1.7
url:	https://github.com/adriankumpf/teslamate/releases/tag/v1.25.1	Trust: 1.7
url:	https://github.com/adriankumpf/teslamate/compare/v1.25.0...v1.25.1	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23126	Trust: 1.4
url:	https://medium.com/@david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028	Trust: 1.4
url:	https://medium.com/%40david_colombo/how-i-got-access-to-25-teslas-around-the-world-by-accident-and-curiosity-8b9ef040a028	Trust: 1.1
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2022-23126 // JVNDB: JVNDB-2022-004103 // CNNVD: CNNVD-202201-2250 // NVD: CVE-2022-23126

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2022-23126
db:	JVNDB	id:	JVNDB-2022-004103
db:	CNNVD	id:	CNNVD-202201-2250
db:	NVD	id:	CVE-2022-23126

LAST UPDATE DATE

2025-05-29T23:02:59.835000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-23126	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-004103	date:	2023-03-20T05:21:00
db:	CNNVD	id:	CNNVD-202201-2250	date:	2022-01-29T00:00:00
db:	NVD	id:	CVE-2022-23126	date:	2025-05-28T21:48:43.560

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-23126	date:	2022-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2022-004103	date:	2023-03-20T00:00:00
db:	CNNVD	id:	CNNVD-202201-2250	date:	2022-01-24T00:00:00
db:	NVD	id:	CVE-2022-23126	date:	2022-01-24T19:15:08.447