- Description
- The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- ics-cert@hq.dhs.gov
- CWE-912
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-0626
@transilienceai
9 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0626
@transilienceai
9 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0626
@transilienceai
7 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0626
@transilienceai
6 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0626
@transilienceai
5 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
66 new OPEN, 95 new PRO (66 + 29) Lumma Stealer, TA2726, LandUpdate808, Soc Gholish, ZPHP, CVE-CVE-2025-0626, 2024-45607, 2024-57727, 2024-37397 and more. https://t.co/9XRMiB86dD
@ET_Labs
3 Feb 2025
314 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
1 Quote
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. #Vulnerability #CyberSecurity #hackinginquiry https://t.co
@kevin___hack
1 Feb 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. #Vulnerability #CyberSecurity #hackinginquiry https://t.co
@dean95196196583
1 Feb 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors CVE-2025-0626 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/gY4dPr1Wao #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
1 Feb 2025
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
•#Vulnerability Impact: CVE-2025-0626 allows remote access and file manipulation on the device. •Vulnerability Severity: CVSS v4 score of 7.7 out of 10.0. •Vulnerability Description: The device sends remote access requests to a hard-coded IP address. https://t.co/DPabmm2iZa
@GHak2learn27752
1 Feb 2025
196 Impressions
1 Retweet
4 Likes
1 Bookmark
1 Reply
1 Quote
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. https://t.co/DXJpxkexAd #Vulnerability #CyberSecurity #Hac
@hackingspace
1 Feb 2025
469 Impressions
3 Retweets
7 Likes
0 Bookmarks
2 Replies
1 Quote
CVE-2025-0626 The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor an… https://t.co/7T6qIu8Prm
@CVEnew
30 Jan 2025
321 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes