Monthly
Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.
CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.
The debug port on the ventilator's serial interface is enabled by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.
CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.
The debug port on the ventilator's serial interface is enabled by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.