Summary
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device.
The following versions of Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT are affected:
- Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0 (CVE-2026-50034, CVE-2026-52866)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.5 | Apollo Pharmacy | Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT | Cleartext Transmission of Sensitive Information, Missing Authorization |
Background
- Critical Infrastructure Sectors: Healthcare and Public Health
- Countries/Areas Deployed: India
- Company Headquarters Location: India
Vulnerabilities
CVE-2026-50034
An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.
Affected Products
| Product | Vendor | Version | Status |
|---|---|---|---|
| Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT | Apollo Pharmacy | Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT): 0x0110_v1.1.0 | known_affected |
Remediations
Mitigation
Apollo Pharmacy did not respond to CISA’s requests to coordinate. Users are encouraged to reach out to Apollo Pharmacy directly for more information: https://www.apollopharmacy.in/contact-us.
Mitigation
CISA recommends users follow the guidance in the Understanding Bluetooth Technology blog https://www.cisa.gov/news-events/news/understanding-bluetooth-technology.
Relevant CWE: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| 4.0 | 7.1 | HIGH | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
CVE-2026-52866
An attacker within BLE communication range can monopolize the device’s only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
Affected Products
| Product | Vendor | Version | Status |
|---|---|---|---|
| Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT | Apollo Pharmacy | Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT): 0x0110_v1.1.0 | known_affected |
Remediations
Mitigation
Apollo Pharmacy did not respond to CISA’s requests to coordinate. Users are encouraged to
[…]