CVE-2024-6032

NONE EPSS 39.0%

Published Apr 30, 20251y ago · Modified Jun 17, 20261w ago

Published Apr 30, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Tesla Model S Iris Modem ql_atfwd Command Injection Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code on the target system in order to exploit this vulnerability. The specific flaw exists within the ql_atfwd process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code on the target modem in the context of root. Was ZDI-CAN-23201.

Threat Intelligence

EPSS Exploit Probability

39.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 2

Vendor	Product	Version	Range
tesla	model_s_firmware	*	<2024.8
tesla	model_s	*	any

References 1

zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-264/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.