PT-2015-5969 · Mobile Devices · C4 Obd-Ii Dongles
Ian Foster
·
Published
2015-08-23
·
Updated
2023-03-01
·
CVE-2015-2908
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mobile Devices (aka MDI) C4 OBD-II dongles versions 2.x through 3.4.x
Description
The issue allows remote attackers to execute arbitrary code by specifying an update server, due to the lack of validation of firmware updates.
Recommendations
For versions 2.x through 3.4.x, update the firmware to a version that includes validation of firmware updates.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
C4 Obd-Ii Dongles