3 matches found
CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...
CVE-2015-2908
CVE-2015-2908 affects Mobile Devices (MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x. The root cause is lack of validation for firmware updates, allowing a remote attacker to cause arbitrary code execution on the device by directing it to an attacker-controlled update server. The vulnerabilit...
CVE-2015-2908
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...