Vulnerabilities > Medtronic > Mycarelink Smart Model 25000 Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-14 | CVE-2020-27252 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. | 8.1 |
2020-12-14 | CVE-2020-25187 | Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. | 9.8 |
2020-12-14 | CVE-2020-25183 | Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. | 8.8 |