
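6 vulnerabilities found for Mobile Devices (MDI) OBD-II dongles by Munic (three CVE IDs — CVE-2015-2906, CVE-2015-2907 and CVE-2015-2908 — each listed twice, once from the nvd source and once from cvelistv5)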

CVE-2015-2908 (GCVE-0-2015-2908)

Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
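Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.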

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:42:18.460651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2908",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2907 (GCVE-0-2015-2907)

Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
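Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.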

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:42:18.460651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2907",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2906 (GCVE-0-2015-2906)

Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
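Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.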

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.  "
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-22T15:46:59.871Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2906",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2908 (GCVE-0-2015-2908)

Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
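Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.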

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:42:18.460651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2908",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2906 (GCVE-0-2015-2906)

Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
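Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.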

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.  "
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-22T15:46:59.871Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2906",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2907 (GCVE-0-2015-2907)

Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Impacted products
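Vendor: Munic
Product: Mobile Devices (MDI) OBD-II dongles
Versions: affected from 0 to before 2.x (custom); affected from 0 to before 3.4.x (custom)
Note: the Summary above names firmware 2.x and 3.4.x themselves as affected, so read these "custom" ranges together with the Summary rather than as exact version bounds.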

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/209512"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mobile Devices (MDI) OBD-II dongles",
          "vendor": "Munic ",
          "versions": [
            {
              "lessThan": "2.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.x",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2015-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-01T05:42:18.460651Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
        },
        {
          "url": "http://www.kb.cert.org/vuls/id/209512"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-2907",
    "datePublished": "2015-08-23T21:00:00",
    "dateReserved": "2015-04-03T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}