CVE-2019-25721
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Dräger Infinity M300 Patient Monitors

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit this vulnerability to force the device into a fail state requiring manual restart, causing loss of wireless connectivity and interruption of patient monitoring functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-23
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-21
NVD
CVE-2019-25721
EUVD
EUVD-2019-20157
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dräger infinity_m300 to VG2.3.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by monitoring for repeated unexpected reboots of Dräger Infinity M300 patient worn monitors running software version VG2.3.1 or earlier. Network traffic analysis may reveal repeated malicious requests targeting these devices over the Infinity Network.

Specific commands are not provided in the available resources, but general network monitoring tools such as packet capture (e.g., using tcpdump or Wireshark) can be used to identify suspicious repeated requests to the devices. Additionally, checking device logs for frequent reboot events may help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include isolating the affected Dräger Infinity M300 devices from untrusted or less secure network segments to prevent network-adjacent attackers from sending malicious requests.

Since the vulnerability causes devices to reboot and enter a fail state requiring manual restart, monitoring the devices for unexpected reboots and manually restarting them as needed is necessary until a software update or patch is applied.

Applying any available software updates beyond version VG2.3.1, if released by the vendor, would be a recommended long-term mitigation.

Executive Summary

The Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier have a network-based denial of service vulnerability. This flaw allows attackers who are on the same network to send malicious requests repeatedly, which causes the devices to reboot and enter a fail state requiring manual restart.

When exploited, the device loses wireless connectivity and patient monitoring functionality is interrupted.

Impact Analysis

Exploitation of this vulnerability can cause the affected patient monitors to repeatedly reboot and fail, resulting in loss of wireless connectivity.

This leads to interruption of patient monitoring functionality, which could impact patient safety and care.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25721. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart