Vulnerabilities > CVE-2017-5149 - NULL Pointer Dereference vulnerability in Abbott Merlin@Home Firmware

047910
CVSS 8.9 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
abbott
CWE-476

Summary

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

Vulnerable Configurations

Part Description Count
OS
Abbott
1
Hardware
Abbott
2

Common Weakness Enumeration (CWE)