History: Aug 23, 2015 - 9:59 p.m.

CVE-2015-2908

2015-08-23 21:59:05
CWE-345
web.nvd.nist.gov
mobile devices
c4 obd-ii
firmware
validation
updates
remote code execution

CVSS2: 9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score: 8.1 High (Confidence: Low)

EPSS: 0.006 Low (Percentile: 79.0%)

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.

Affected configurations

NVD
Node
mobile_devices c4_obd-ii_dongle_firmware Range 3.4

CNA Affected

[
  {
    "product": "Mobile Devices (MDI) OBD-II dongles",
    "vendor": "Munic ",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.x",
        "versionType": "custom"
      },
      {
        "version": "0",
        "status": "affected",
        "lessThan": "3.4.x",
        "versionType": "custom"
      }
    ]
  }
]
