Open TELNET port in niscomed patient monitoring device
Vulnerability
Open telnet port in niscomed patient monitoring device
Vulnerability Description
An issue was discovered on Niscomed Multipara Patient monitor M1000 devices. The device enables anTELNET service by default. This allows an attacker to gain root access (admin:nopasswd) of the device over the local network and steal customer data and perform a malicious activity like sending malware/ransomeware in it.
CVE-ID
CVE-2020-15482
Vendor
Nescomed
Product
M1000 Multipara Patient monitor
Disclosure Timeline
22 June 2020 reported to the vendor
22 July 2020 No response from the vendor and Public disclosure.
Credit
Arun Magesh