MidnightBSD

Advisories for lemurmonitors

CVE-2016-2354 HIGH

The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lemurmonitors bluedriver *