Unrated severityNVD Advisory· Published Aug 23, 2015· Updated May 6, 2026

CVE-2015-2908

Description

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.

Affected products

Munic/Mobile Devices (mdi) Obd Ii Donglesv5
Range: 0
Mobile Devices/C4 Obd Ii Dongle Firmware
cpe:2.3:o:mobile_devices:c4_obd-ii_dongle_firmware:*:*:*:*:*:*:*:*
Range: <=3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/209512nvdThird Party AdvisoryUS Government Resource
www.usenix.org/conference/woot15/workshop-program/presentation/fosternvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000