Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by mobile_devices

    CVE-2015-2908 (GCVE-0-2015-2908)

    Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-01T05:42:18.460Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2908",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2907 (GCVE-0-2015-2907)

    Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-01T05:42:18.460Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2907",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2906 (GCVE-0-2015-2906)

    Vulnerability from nvd – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T15:46:59.871Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2906",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2908 (GCVE-0-2015-2908)

    Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-01T05:42:18.460Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2908",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2907 (GCVE-0-2015-2907)

    Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-01T05:42:18.460Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2907",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2906 (GCVE-0-2015-2906)

    Vulnerability from cvelistv5 – Published: 2015-08-23 21:00 – Updated: 2024-08-06 05:32
    VLAI
    Summary
    Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    Munic Mobile Devices (MDI) OBD-II dongles Affected: 0 , < 2.x (custom)
    Affected: 0 , < 3.4.x (custom)
    Create a notification for this product.
    Date Public
    2015-08-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:32:20.590Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/209512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mobile Devices (MDI) OBD-II dongles",
              "vendor": "Munic",
              "versions": [
                {
                  "lessThan": "2.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.4.x",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2015-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers\u0027 installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T15:46:59.871Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://www.usenix.org/conference/woot15/workshop-program/presentation/foster"
            },
            {
              "url": "http://www.kb.cert.org/vuls/id/209512"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.13"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2906",
        "datePublished": "2015-08-23T21:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:32:20.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }