Skip to main content
CVE-2015-2908 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2907 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%
CVE-2015-2906 CRITICAL Act Now

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers'. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure C4 Obd Ii Dongle Firmware
NVD
CVSS 2.0
9.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy