CVE-2017-5149 - NULL Pointer Dereference vulnerability in Abbott Merlin@Home Firmware 8.0

CVSS 8.9 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, high complexity, abbott, CWE-476

Summary

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

Vulnerable Configurations

Part      Description  Count
OS        Abbott       1
Hardware  Abbott       2

Common Weakness Enumeration (CWE)