Cybersecurity & Infrastructure Security Agency (CISA) in the US rolled out an investigation report concerning three firmware variants used in Contec CMS800, a patient monitoring system used in healthcare facilities and hospitals.
CIS finds hidden backdoor in Chinese software
Experts found that the devices had a hidden backdoor with a hard-coded IP address, enabling transmission of patient data. This is doable as the devices will start a link to a central monitoring system through a wireless or wired network, as per the product description.
The agency disclosed the codes that send data to a select IP address. The decoded data includes detailed information- patients, hospital department, doctor’s name, date of birth, admission date, and other details about the device users.
Details about three flaws
The flaw is filed under “CVE-2025-0626 with a CVSS v4 score of 7.7 out of 10” says Tom’s Hardware, while also talking about two other vulnera
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.