CVE-2017-12701

MEDIUM

Luna CPAP Machine Firmware < 20170701 - Authenticated Denial of Service via Wi-Fi Module Input

Title source: llm
STIX 2.1

Description

BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100354
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01

Scores

CVSS v3 6.5
EPSS 0.0132
EPSS Percentile 67.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (1)
cpap/luna_cpap_machine_firmware < 20170701
Published Apr 17, 2018
Tracked Since Feb 18, 2026