CVE-2015-2907

Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
mobile_devicesc4_obd-ii_dongle_firmware
𝑥
≤ 3.4
𝑥
= Vulnerable software versions
References
http://www.kb.cert.org/vuls/id/209512
https://www.usenix.org/conference/woot15/workshop-program/presentation/foster
http://www.kb.cert.org/vuls/id/209512
https://www.usenix.org/conference/woot15/workshop-program/presentation/foster