CVE-2018-8870 MEDIUM

CVE-2018-8870: Medtronic MyCareLink Patient Monitor Use of Hard-coded Password

Vendor Medtronic
Product 24950 MyCareLink Monitor
Weakness CWE-259
Published July 2, 2018
Last update May 22, 2025

CVSS base score

6.4/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Key dates

02Disclosure timeline

July 2, 2018 CVE published
May 22, 2025 Record updated