Open TELNET port in niscomed patient monitoring device
Open telnet port in niscomed patient monitoring device
An issue was discovered on Niscomed Multipara Patient monitor M1000 devices. The device enables anTELNET service by default. This allows an attacker to gain root access (admin:nopasswd) of the device over the local network and steal customer data and perform a malicious activity like sending malware/ransomeware in it.
M1000 Multipara Patient monitor
22 June 2020 reported to the vendor
22 July 2020 No response from the vendor and Public disclosure.