Skip to main content

Mycarelink Patient Monitor 24952

2 CVEs product

Monthly

CVE-2025-4397 MEDIUM This Month

Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-4386 MEDIUM This Month

Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
CVSS 3.1
6.8
EPSS
0.0%
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor stores per-product credentials in a recoverable (non-hashed or weakly encrypted) format, allowing physical attackers with device access to extract these credentials and modify encrypted drive data without authentication. Affected models include the 24950 and 24952 monitors. The vulnerability requires physical access to the device (CVSS AV:P) but grants full confidentiality, integrity, and availability impact to stored patient data.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Medtronic MyCareLink Patient Monitor models 24950 and 24952 expose an unauthenticated UART login prompt via an internal serial interface, allowing attackers with physical access to potentially gain administrative control without authentication. The vulnerability achieves high confidentiality, integrity, and availability impact (CVSS 6.8) but requires direct physical access to internal hardware connections, limiting real-world exploitation to scenarios involving device tampering or insider threats.

Information Disclosure Mycarelink Patient Monitor 24950 Mycarelink Patient Monitor 24952
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy