PT-2016-5131 · Lemur Vehicle Monitors · Bluedriver

Dan Klinedinst · Published 2016-04-22 · Updated 2016-05-31 · CVE-2016-2354

CVSS v3.1

8.8

High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lemur Vehicle Monitors BlueDriver versions prior to 2016-04-07

Description

The issue concerns the Bluetooth functionality, which allows for unrestricted pairing without a PIN. This enables remote attackers to send arbitrary CAN commands by accessing a device inside or adjacent to the vehicle. For example, an attacker could disrupt braking or steering by sending a specific CAN command.

Recommendations

For versions prior to 2016-04-07, consider disabling the Bluetooth functionality until a fix is available to prevent unauthorized access. Restrict physical access to the vehicle and its devices to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related identifiers

CVE-2016-2354

Affected products

Bluedriver