CVE-2019-9493

Name: CVE-2019-9493
Creator: NVD / NIST
Published: 2020-01-15T17:15:14.66+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 3.57%

Last modified Jun 17, 2026

CVE-2019-9493 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. EPSS estimates a 3.57% chance of exploitation in the next 30 days.

Description

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.57%

87.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Mycarcontrols	Mycar Controls	< 3.4.24
Mycarcontrols	Mycar Controls	< 4.1.2

References

https://itunes.apple.com/us/app/mycar-controls/id1126511815Product
https://mycarcontrols.com/Product
https://play.google.com/store/apps/details?id=app.com.automobility.mycar.controlProduct
https://www.kb.cert.org/vuls/id/174715/Third Party Advisory, US Government Resource
https://www.securityfocus.com/bid/107827Third Party Advisory, VDB Entry
https://itunes.apple.com/us/app/mycar-controls/id1126511815Product
https://mycarcontrols.com/Product
https://play.google.com/store/apps/details?id=app.com.automobility.mycar.controlProduct
https://www.kb.cert.org/vuls/id/174715/Third Party Advisory, US Government Resource
https://www.securityfocus.com/bid/107827Third Party Advisory, VDB Entry

Timeline

Published: Jan 15, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-9493?

How severe is CVE-2019-9493?

CVE-2019-9493 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 3.57% probability of exploitation in the next 30 days.

How do I fix CVE-2019-9493?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-9493?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST