CVE-2018-10626 MEDIUM

CVE-2018-10626: Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity

Vendor Medtronic
Product 24950 MyCareLink Monitor
Weakness CWE-345
Published August 10, 2018
Last update May 19, 2026

CVSS base score

4.4/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.

Key dates

02Disclosure timeline

August 10, 2018 CVE published
May 19, 2026 Record updated