Medtronic MyCareLink Patient Monitor Deserialization Vulnerability

July 24, 2025 invoker category_cve

CVE Details

Basic Information

Title Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Type cve
Published 2025-07-24T03:22:20.208Z
Modified 2025-07-24T03:22:20.208Z

Product Information

Vendor Medtronic
Product MyCareLink Patient Monitor 24950
Version 0

CVSS Information

Base Score 6.5 (MEDIUM)
Attack Vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

AI Analysis

AI Description A vulnerability in Medtronic MyCareLink Patient Monitor allows local attackers to craft binary payloads, potentially crashing the service or escalating privileges. This affects models 24950 and 24952.
AI Severity High
AI Vendor Medtronic
AI Product MyCareLink Patient Monitor
AI Version 24950, 24952

Affected Products

  • Medtronic MyCareLink Patient Monitor 24950 0
  • Medtronic MyCareLink Patient Monitor 24952 0

Additional Information

CWE List CWE-502
Source Medtronic

Description

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.

This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.