Unrated severityNVD Advisory· Published Aug 23, 2015· Updated May 6, 2026

CVE-2015-2907

Description

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.

Affected products

Munic/Mobile Devices (mdi) Obd Ii Donglesv5
Range: 0
Mobile Devices/C4 Obd Ii Dongle Firmware
cpe:2.3:o:mobile_devices:c4_obd-ii_dongle_firmware:*:*:*:*:*:*:*:*
Range: <=3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/209512nvdThird Party AdvisoryUS Government Resource
www.usenix.org/conference/woot15/workshop-program/presentation/fosternvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000