CVE-2020-27276
N/A
N/A
Summary
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | SOOIL Developments CoLtd DiabecareRS,AnyDana-i,AnyDana-A | Dana DiabecareRS, AnyDana-i, AnyDana-A All versions prior to 3.0 | affected |
Weaknesses
- CWE-290: AUTHENTICATION BYPASS BY SPOOFING CWE-290
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.