VYPR

MyCareLink Patient Monitor

by Medtronic

CVEs (11)

  • CVE-2019-6538CriMar 25, 2019
    risk 0.61cvss 9.3epss 0.01

    The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D…

  • CVE-2025-4397MedMay 7, 2026
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.

  • CVE-2025-4386MedMay 7, 2026
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​

  • CVE-2025-4395MedJul 24, 2025
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952:…

  • CVE-2025-4394MedJul 24, 2025
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

  • CVE-2025-4393MedJul 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950…

  • CVE-2019-6540MedMar 26, 2019
    risk 0.42cvss 6.5epss 0.00

    The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D…

  • CVE-2018-8870MedJul 3, 2018
    risk 0.42cvss 6.4epss 0.00

    Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

  • CVE-2018-8868MedJul 3, 2018
    risk 0.40cvss 6.2epss 0.00

    Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the…

  • CVE-2018-10622MedAug 10, 2018
    risk 0.34cvss 5.2epss 0.00

    Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.

  • CVE-2018-10626MedAug 10, 2018
    risk 0.29cvss 4.4epss 0.00

    Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data…