Skip to main content

CWE-1263

Improper Physical Access Control

5 CVEs Avg CVSS 6.6 MITRE
1
CRITICAL
1
HIGH
2
MEDIUM
1
LOW
1
POC
0
KEV

Monthly

CVE-2025-4386 MEDIUM This Month

Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-59696 LOW POC Monitor

CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.2
EPSS
0.0%
CVE-2024-48973 CRITICAL Act Now

The debug port on the ventilator's serial interface is enabled by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.3
EPSS
0.2%
CVE-2024-39512 HIGH This Week

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2024-28326 MEDIUM This Month

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.3%
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
EPSS 0% CVSS 3.2
LOW POC Monitor

CVE-2025-59696 is a security vulnerability (CVSS 3.2) that allows a physically proximate attacker. Risk factors: public PoC available.

Information Disclosure
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

The debug port on the ventilator's serial interface is enabled by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos Os Evolved
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Incorrect Access Control in ASUS RT-N12+ B1 and RT-N12 D1 routers allows local attackers to obtain root terminal access via the the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy