Vulnerability CVE-2018-11477
Published: 2018-05-30

Description:
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Vgate iCar2 WiFi OBD2 Dongle Inadequate Access Protections
T. Weber
31.05.2018

Type:

CWE-319

 (Cleartext Transmission of Sensitive Information)

CVSS2 => (AV:A/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.3/10
2.9/10
6.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Vgate -> Icar 2 wi-fi obd2 firmware 

 References:
http://seclists.org/fulldisclosure/2018/May/66
https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/
Copyright 2024, cxsecurity.com

 

Back to Top