CVE-2018-10626

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLin...

medium 4.4 CVSS 3.1
Published: Aug 10, 2018
Modified: May 19, 2026
Vendor: Medtronic
Product: Mycarelink 24952 Patient Monitor Firmware

Description

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An
attacker who obtains per-product credentials from the monitor and paired
implantable cardiac device information can potentially upload invalid
data to the Medtronic CareLink network.

References

Related CVEs

CVE-2018-10622 medium · 6.8
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.