PT-2015-5967 · Mobile Devices · Mobile Devices C4 OBD-II Dongle

Published: 2015-08-23 · Updated: 2023-02-22 · CVE-2015-2906

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mobile Devices (aka MDI) C4 OBD-II dongles versions 2.x through 3.4.x

Description

The stored SSH private keys are identical across different customers' installations, so a remote attacker who knows the private key from one installation can use it to gain access to another.

Recommendations

For versions 2.x through 3.4.x, consider disabling SSH access until a patch or firmware update that generates unique SSH private keys for each installation is available. Restrict access to the device to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2015-2906

Affected Products

Mobile Devices C4 OBD-II Dongle