Vulnerabilities > Medtronic > Mycarelink Smart Model 25000 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-12-14 CVE-2020-27252 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader.
network
medtronic CWE-367
critical
9.3
2020-12-14 CVE-2020-25187 Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack.
network
low complexity
medtronic CWE-787
critical
10.0
2020-12-14 CVE-2020-25183 Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass.
low complexity
medtronic CWE-287
5.8