Vulnerabilities > Medtronic > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-12-14 CVE-2020-27252 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader.
network
medtronic CWE-367
critical
9.3
2020-12-14 CVE-2020-25187 Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack.
network
low complexity
medtronic CWE-787
critical
10.0