PT-2015-5968 · Mobile Devices · Mobile Devices C4 Obd-Ii Dongle
Ian Foster
·
Published
2015-08-23
·
Updated
2023-03-01
·
CVE-2015-2907
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mobile Devices (aka MDI) C4 OBD-II dongles versions 2.x through 3.4.x
Description
The issue allows remote attackers to obtain access by leveraging knowledge of the required
username and password, due to hardcoded SSH credentials.Recommendations
For versions 2.x through 3.4.x, consider disabling SSH access until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using the hardcoded
username and password in the affected SSH connection until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mobile Devices C4 Obd-Ii Dongle