CVE-2019-25724
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Dräger Infinity M300 Patient Monitors

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manual restart. Attackers can exploit this vulnerability to cause loss of wireless network connectivity, temporary loss of patient monitoring, and interruption of alarm functionality until the device is manually recovered.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2019-25724
EUVD
EUVD-2019-20160
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dräger infinity_m300 to vg2.x (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

Exploitation of this vulnerability can lead to loss of wireless network connectivity on the affected devices.

It can cause temporary loss of patient monitoring and interruption of alarm functionality.

The device will remain in a fail state until it is manually restarted, potentially impacting patient safety and hospital operations.

Executive Summary

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier have a network-based denial of service vulnerability.

Attackers who have access to the hospital or Infinity Network can repeatedly trigger device reboots, causing the device to eventually enter a fail state that requires manual restart.

This vulnerability is related to uncontrolled resource consumption, classified under CWE-400.

Mitigation Strategies

Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier are vulnerable to a network-based denial of service attack that causes repeated device reboots leading to a fail state requiring manual restart.

To mitigate this vulnerability, restrict network access to the hospital or Infinity Network to trusted personnel only, thereby preventing unauthorized attackers from triggering the device reboots.

Monitor the devices for unexpected reboots and ensure manual recovery procedures are in place in case of device failure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25724. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart