Vulnerabilities > CVE-2015-2906 - Unspecified vulnerability in Mobile Devices C4 Obd-Ii Dongle Firmware
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 |