Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/209512 | Third Party Advisory US Government Resource |
https://www.usenix.org/conference/woot15/workshop-program/presentation/foster |
Configurations
History
01 Mar 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password. |
Information
Published : 2015-08-23 21:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-2907
Mitre link : CVE-2015-2907
CVE.ORG link : CVE-2015-2907
JSON object : View
Products Affected
mobile_devices
- c4_obd-ii_dongle_firmware
CWE