Unauthenticated Remote Control Vulnerability in Vgate iCar 2 Wi-Fi OBD2 Dongle Devices

Unauthenticated Remote Control Vulnerability in Vgate iCar 2 Wi-Fi OBD2 Dongle Devices

CVE-2018-11478 · MEDIUM Severity

AV:A/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network.

Learn more about our Network Penetration Testing.