Search criteria
3 vulnerabilities found for bluedriver by lemurmonitors
VAR-201604-0278
Vulnerability from variot - Updated: 2025-04-12 21:19The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. Lemur Vehicle Monitors of BlueDriver LSB2 Is OBD2 A device that connects to a port to provide information about vehicle performance. BlueDriver LSB2 Is Bluetooth For access by PIN Is not required Bluetooth Anyone within range of the vehicle CAN (Controller Area Network) Any command can be sent to the bus. Lack of authentication for critical functions (CWE-306) - CVE-2016-2354 CERT/CC Is BlueDriver LSB2 What Bluetooth When accessing with PIN Confirmed that is not necessary. This issue Bluetooth Anyone within range of OBD2 It is possible to obtain diagnostic information such as fuel consumption, trouble code, speed, and displacement information. Also, the attacker CAN (Controller Area Network) Any command can be sent to the bus. Depending on the vehicle, attackers can affect steering and braking. CWE-306: Missing Authentication for Critical Function http://cwe.mitre.org/data/definitions/306.html In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.htmlAttack Bluetooth Although it is necessary to do it from within the wireless range, it is possible to attack via a mobile phone in the vehicle. Depending on the vehicle type and model, various effects can be expected, from information leaks to life-threatening dangers. Attackers can exploit this issue to gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bluedriver",
"scope": "lte",
"trust": 1.0,
"vendor": "lemurmonitors",
"version": "6.3.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lemur vehicle monitors",
"version": null
},
{
"model": "bluedriver",
"scope": "eq",
"trust": 0.8,
"vendor": "lemur vehicle monitors",
"version": "lsb2"
},
{
"model": "bluedriver",
"scope": "eq",
"trust": 0.6,
"vendor": "lemurmonitors",
"version": "6.3.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lemur_monitors:bluedriver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dan Klinedins",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2016-2354",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "LOW",
"baseScore": 8.0,
"collateralDamagePotential": "HIGH",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "LOW",
"enviromentalScore": 6.7,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 6.5,
"id": "CVE-2016-2354",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-2354",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2354",
"trust": 1.6,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2354",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-124",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. Lemur Vehicle Monitors of BlueDriver LSB2 Is OBD2 A device that connects to a port to provide information about vehicle performance. BlueDriver LSB2 Is Bluetooth For access by PIN Is not required Bluetooth Anyone within range of the vehicle CAN (Controller Area Network) Any command can be sent to the bus. Lack of authentication for critical functions (CWE-306) - CVE-2016-2354 CERT/CC Is BlueDriver LSB2 What Bluetooth When accessing with PIN Confirmed that is not necessary. This issue Bluetooth Anyone within range of OBD2 It is possible to obtain diagnostic information such as fuel consumption, trouble code, speed, and displacement information. Also, the attacker CAN (Controller Area Network) Any command can be sent to the bus. Depending on the vehicle, attackers can affect steering and braking. CWE-306: Missing Authentication for Critical Function http://cwe.mitre.org/data/definitions/306.html In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as CWE-284: Improper Access Control http://cwe.mitre.org/data/definitions/284.htmlAttack Bluetooth Although it is necessary to do it from within the wireless range, it is possible to attack via a mobile phone in the vehicle. Depending on the vehicle type and model, various effects can be expected, from information leaks to life-threatening dangers. \nAttackers can exploit this issue to gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2354"
},
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "BID",
"id": "85941"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/615456",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#615456"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#615456",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2016-2354",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU92749596",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124",
"trust": 0.6
},
{
"db": "BID",
"id": "85941",
"trust": 0.3
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "BID",
"id": "85941"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"id": "VAR-201604-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"vehicle device"
],
"sub_category": "vehicle",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-04-12T21:19:27.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BlueDriver - OBD2 Bluetooth Scan Tool for Apple and Android Smartphones and Tablets",
"trust": 0.8,
"url": "http://www.lemurmonitors.com/"
},
{
"title": "BlueDriver OBD2 App - Twitter (13:46 - 2016\u5e744\u670811\u65e5)",
"trust": 0.8,
"url": "https://twitter.com/BlueDriverApp/status/719627773602455552"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/615456"
},
{
"trust": 1.4,
"url": "http://www.lemurmonitors.com/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2354"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92749596"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2354"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#615456"
},
{
"db": "BID",
"id": "85941"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-07T00:00:00",
"db": "CERT/CC",
"id": "VU#615456"
},
{
"date": "2016-04-07T00:00:00",
"db": "BID",
"id": "85941"
},
{
"date": "2016-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"date": "2016-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"date": "2016-04-22T00:59:08.527000",
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "CERT/CC",
"id": "VU#615456"
},
{
"date": "2016-04-07T00:00:00",
"db": "BID",
"id": "85941"
},
{
"date": "2016-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001955"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-124"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2354"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access",
"sources": [
{
"db": "CERT/CC",
"id": "VU#615456"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-124"
}
],
"trust": 0.6
}
}
CVE-2016-2354 (GCVE-0-2016-2354)
Vulnerability from nvd – Published: 2016-04-22 00:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#615456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/615456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-22T00:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#615456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/615456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#615456",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2354",
"datePublished": "2016-04-22T00:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:49.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2354 (GCVE-0-2016-2354)
Vulnerability from cvelistv5 – Published: 2016-04-22 00:00 – Updated: 2024-08-05 23:24
VLAI?
Summary
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#615456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/615456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-22T00:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#615456",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/615456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#615456",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/615456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2354",
"datePublished": "2016-04-22T00:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:49.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}