M1000 Multipara Patient Monitor Firmware
CVE-2020-15482
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network.
AnalysisAI
An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. Affected products include: Niscomed M1000 Multipara Patient Monitor Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 6.8), this vulnerabilit
An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated high severity (CVSS 7.5), this vulnerability
An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 5.5), this vulnerabilit
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today