CVE-2015-2908 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x as used in Metromile Pulse and other products do not validate firmware updates which allows remote attackers to execute arbitrary code by specifying an update server. NOTE: the vendor states \This was a flaw for the developer/debugging devices and was fixed in production version about 3 years ago.\

Reference

http://www.kb.cert.org/vuls/id/209512 http://www.kb.cert.org/vuls/id/CKIG-9ZAQGX https://www.usenix.org/conference/woot15/workshop-program/presentation/foster