Lucene search
HistoryAug 23, 2015 - 9:59 p.m.
CVE-2015-2907
cve-2015-2907
mobile devices
mdi
c4
obd-ii
firmware
metromile pulse
ssh
hardcoded credentials
remote attackers
nvd
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.1%
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
Affected configurations
Node
mobile_devicesc4_obd-ii_dongle_firmwareRange≤3.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| mobile_devices:c4_obd-ii_dongle_firmware | mobile devices c4 obd-ii dongle firmware | le | 3.4 |
CNA Affected
[
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic ",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.x",
"versionType": "custom"
},
{
"version": "0",
"status": "affected",
"lessThan": "3.4.x",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2015-2907
2015-08-23 21:59:04
prion
prion
Hardcoded credentials
2015-08-23 21:59:00
cvelist
cvelist
CVE-2015-2907
2015-08-23 21:00:00
cert
cert
Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities
2015-08-11 00:00:00
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.1%
Related for CVE-2015-2907