Blood Glucose Monitoring System Model No Apg 01 Bt
Monthly
Cleartext Bluetooth Low Energy transmission in the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) allows an attacker within BLE radio range to passively sniff wireless traffic and recover patient glucose readings and related health data. The flaw is a CWE-319 cleartext-transmission issue affecting a consumer medical device, disclosed via CISA ICS-CERT advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Denial-of-service in the Apollo Pharmacy Blood Glucose Monitoring System (model APG-01 BT) allows an attacker within Bluetooth Low Energy radio range to seize the device's single BLE connection slot, blocking the legitimate patient app or clinician from pairing and reading glucose measurements. The flaw is rooted in missing authorization (CWE-862) on connection acceptance and was disclosed through CISA's ICS Medical advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Cleartext Bluetooth Low Energy transmission in the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) allows an attacker within BLE radio range to passively sniff wireless traffic and recover patient glucose readings and related health data. The flaw is a CWE-319 cleartext-transmission issue affecting a consumer medical device, disclosed via CISA ICS-CERT advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Denial-of-service in the Apollo Pharmacy Blood Glucose Monitoring System (model APG-01 BT) allows an attacker within Bluetooth Low Energy radio range to seize the device's single BLE connection slot, blocking the legitimate patient app or clinician from pairing and reading glucose measurements. The flaw is rooted in missing authorization (CWE-862) on connection acceptance and was disclosed through CISA's ICS Medical advisory ICSMA-26-169-01. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.