VYPR

C4 Obd Ii Dongle Firmware

by Mobile Devices

CVEs (3)

  • CVE-2015-2908Aug 23, 2015
    risk 0.00cvss epss 0.02

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.

  • CVE-2015-2907Aug 23, 2015
    risk 0.00cvss epss 0.03

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.

  • CVE-2015-2906Aug 23, 2015
    risk 0.00cvss epss 0.03

    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging…