Lemur Vehicle Monitors · Bluedriver · CVE-2016-2354
**Name of the Vulnerable Software and Affected Versions**
Lemur Vehicle Monitors BlueDriver versions prior to 2016-04-07
**Description**
The issue concerns the Bluetooth functionality, which allows for unrestricted pairing without a PIN. This enables remote attackers to send arbitrary CAN commands by accessing a device inside or adjacent to the vehicle. For example, an attacker could disrupt braking or steering by sending a specific CAN command.
**Recommendations**
For versions prior to 2016-04-07, consider disabling the Bluetooth functionality until a fix is available to prevent unauthorized access. Restrict physical access to the vehicle and its devices to minimize the risk of exploitation.