CVE-2019-25721
Denial of Service in Dräger Infinity M300 Patient Monitors
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | infinity_m300 | to VG2.3.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for repeated unexpected reboots of Dräger Infinity M300 patient worn monitors running software version VG2.3.1 or earlier. Network traffic analysis may reveal repeated malicious requests targeting these devices over the Infinity Network.
Specific commands are not provided in the available resources, but general network monitoring tools such as packet capture (e.g., using tcpdump or Wireshark) can be used to identify suspicious repeated requests to the devices. Additionally, checking device logs for frequent reboot events may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating the affected Dräger Infinity M300 devices from untrusted or less secure network segments to prevent network-adjacent attackers from sending malicious requests.
Since the vulnerability causes devices to reboot and enter a fail state requiring manual restart, monitoring the devices for unexpected reboots and manually restarting them as needed is necessary until a software update or patch is applied.
Applying any available software updates beyond version VG2.3.1, if released by the vendor, would be a recommended long-term mitigation.
Can you explain this vulnerability to me?
The Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier have a network-based denial of service vulnerability. This flaw allows attackers who are on the same network to send malicious requests repeatedly, which causes the devices to reboot and enter a fail state requiring manual restart.
When exploited, the device loses wireless connectivity and patient monitoring functionality is interrupted.
How can this vulnerability impact me? :
Exploitation of this vulnerability can cause the affected patient monitors to repeatedly reboot and fail, resulting in loss of wireless connectivity.
This leads to interruption of patient monitoring functionality, which could impact patient safety and care.