CVE-2017-11580
Description
Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device could become completely unresponsive. Presumably this happens as the memory footprint provided to this device is very small. According to the specs from Rezolt, the Wi-Fi module only has 256k of memory. As a result, an incorrect string copy operation using either memcpy, strcpy, or any of their other variants could result in filling up the memory space allocated to the function executing and this would result in memory corruption. To test the theory, one can modify the demo application provided by the Cypress WICED SDK and introduce an incorrect "memcpy" operation and use the compiled application on the evaluation board provided by Cypress semiconductors with exactly the same Wi-Fi SOC. The results were identical where the device would completely stop responding to any of the ping or web requests.
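The copy pattern the description suspects, next to a bounded alternative, as an added C example. It is not code from the device firmware or the WICED SDK; the struct, the function names and the size limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN  32    /* assumed limits for a memory-constrained module */
#define VALUE_MAX_LEN 128

struct http_header {
    char name[NAME_MAX_LEN + 1];
    char value[VALUE_MAX_LEN + 1];
};

enum { HDR_OK = 0, HDR_MALFORMED = 400, HDR_TOO_LARGE = 431 };

/* Suspected pattern: the copy length comes from the request, not from the
   destination, so value[] is overrun once src_len exceeds VALUE_MAX_LEN.
   Shown for contrast only; nothing here calls it. */
void copy_value_unchecked(struct http_header *h, const char *src, size_t src_len)
{
    memcpy(h->value, src, src_len);
    h->value[src_len] = '\0';
}

/* Hardened: parse one "Name: value" line of len bytes (CRLF already removed),
   checking every length against the destination before any copy. */
int parse_header_line(const char *line, size_t len, struct http_header *out)
{
    const char *colon = memchr(line, ':', len);
    if (colon == NULL || colon == line)
        return HDR_MALFORMED;

    size_t name_len = (size_t)(colon - line);
    const char *val = colon + 1;
    size_t val_len = len - name_len - 1;
    while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }

    if (name_len > NAME_MAX_LEN || val_len > VALUE_MAX_LEN)
        return HDR_TOO_LARGE;   /* reject instead of truncating or overflowing */

    memcpy(out->name, line, name_len);
    out->name[name_len] = '\0';
    memcpy(out->value, val, val_len);
    out->value[val_len] = '\0';
    return HDR_OK;
}

int main(void)
{
    struct http_header h;
    const char ok[] = "Host: device.local";   /* constructed sample line */
    return parse_header_line(ok, sizeof ok - 1, &h) == HDR_OK ? 0 : 1;
}
```

The return codes mirror HTTP 400 and 431 so a caller can answer the client and drop the request without touching the fixed buffers.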
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Blipcare BP700 WiFi blood pressure monitor suffers from memory corruption via large HTTP headers, causing denial of service.
Vulnerability
The Blipcare Wifi blood pressure monitor BP700 10.1 contains a memory corruption vulnerability in the HTTP handling code. When the device is connected to the "Blip" open wireless connection, sending a large string in any part of an HTTP request header causes incorrect memory copy operations (likely via memcpy or strcpy) due to the limited 256k memory of the Wi-Fi module. This leads to memory corruption. The device runs firmware version 10.1. [1]
Exploitation
An attacker must be within range of the device's open Wi-Fi network ("Blip") and send an HTTP request with an oversized header field. No authentication is required. The attack does not require user interaction beyond connecting to the open network. Sending a sufficiently large string triggers the memory corruption. [1]
Impact
Successful exploitation results in a complete denial of service: the device becomes unresponsive to ping and web requests. No other impact (e.g., data exfiltration or code execution) is reported. [1]
Mitigation
No fix or patch has been disclosed in available references. Users may consider disconnecting the device from the network or limiting exposure by not using the open "Blip" connection. The device may be end-of-life; no vendor update is known. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Blipcare/Wifi blood pressure monitor BP700
- Range: = 10.1
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html (mitre, x_refsource_MISC)
- github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf (mitre, x_refsource_MISC)
- seclists.org/bugtraq/2019/Jun/8 (mitre, mailing-list, x_refsource_BUGTRAQ)