Zero Motorcycles Firmware
Summary
A vulnerability in Zero Motorcycles firmware versions 44 and earlier allows attackers to forcibly pair a device via Bluetooth and potentially upload malicious firmware. Exploitation requires the motorcycle to be in pairing mode, the attacker to be in proximity, and the attacker's device to remain paired during the firmware update process.
IFF Assessment
This vulnerability allows an attacker to gain unauthorized access and alter the motorcycle's firmware, posing a direct threat to vehicle security and potentially rider safety.
Severity
The CVSS score of 6.4 reflects 'medium' severity: an attacker can modify firmware, but only under specific conditions such as proximity and the vehicle being in pairing mode.
Defender Context
This highlights the increasing attack surface of connected vehicles. Defenders should monitor for unauthorized Bluetooth pairing attempts and ensure that firmware updates are secured and validated. The critical infrastructure sector, specifically transportation, is a target for such attacks.