CVE-2018-11476

Опубликовано: 30 мая 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the range of the WLAN to connect to the network without authentication.

Ссылки

http://seclists.org/fulldisclosure/2018/May/66
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/
Third Party Advisory
http://seclists.org/fulldisclosure/2018/May/66
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:vgate:icar_2_wi-fi_obd2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:vgate:icar_2_wi-fi_obd2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00046

Низкий

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-xww4-pqp6-xq6h