Vulnerability
Lack of Medical data encryption in Dr.Trust ECG/EKG Pen.
Vulnerability Description
An issue was discovered on Dr.Trust ECG/EKG Pen. The onboard Flash memory stores ECG/EKG data in cleartext, without integrity protection against tampering. Attacker can remove the Flash chip and tamper with the ECG data.
CVE-ID
CVE-2020-15485
Vendor
Dr.Trust
Product
ECG EKG Electrocardiogram Pen
Disclosure Timeline
22 June 2020 reported to the vendor
22 July 2020 No response from the vendor and Public disclosure.
Credit
Arun Magesh