Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by Munic
CVE-2015-2908 (GCVE-0-2015-2908)
Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:42:18.460Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2908",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2907 (GCVE-0-2015-2907)
Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:42:18.460Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2907",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2906 (GCVE-0-2015-2906)
Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T15:46:59.871Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2906",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2908 (GCVE-0-2015-2908)
Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:42:18.460Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2908",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2907 (GCVE-0-2015-2907)
Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T05:42:18.460Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2907",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2906 (GCVE-0-2015-2906)
Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
VLAI
EPSS
VEX
Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Munic | Mobile Devices (MDI) OBD-II dongles |
Affected:
0 , < 2.x
(custom)
Affected: 0 , < 3.4.x (custom) |
Date Public
2015-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mobile Devices (MDI) OBD-II dongles",
"vendor": "Munic",
"versions": [
{
"lessThan": "2.x",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.x",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T15:46:59.871Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
},
{
"url": "http://www.kb.cert.org/vuls/id/209512"
}
],
"x_generator": {
"engine": "cveClient/1.0.13"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-2906",
"datePublished": "2015-08-23T21:00:00.000Z",
"dateReserved": "2015-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:32:20.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}