CVE-2018-11477
MEDIUMVgate iCar 2 Wi-Fi OBD2 Dongle - Cleartext Transmission of Sensitive Information
Title source: llmDescription
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this vulnerability with the lack of wireless network protection exposes all transferred car data to the public.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/May/66
Scores
CVSS v3
6.5
EPSS
0.0048
EPSS Percentile
37.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (1)
vgate/icar_2_wi-fi_obd2_firmware
Published
May 30, 2018
Tracked Since
Feb 18, 2026