CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2907

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.5%

CVSS Severity

CVSS v2 Score 9.0

References

http://www.kb.cert.org/vuls/id/209512
https://www.usenix.org/conference/woot15/workshop-program/presentation/foster
http://www.kb.cert.org/vuls/id/209512
https://www.usenix.org/conference/woot15/workshop-program/presentation/foster

Products affected by CVE-2015-2907

Mobile Devices » C4 Obd-Ii Dongle Firmware » Version: Any

cpe:2.3:o:mobile_devices:c4_obd-ii_dongle_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2907

Products

Pricing

Contact Us