CVE-2017-12718

HIGH

Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump 1.1, 1.5, 1.6 - Remote Code Execution via Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-12718. PoCs published by Scott Gayou.

AI-analyzed exploit summary This PoC exploits a DHCP options buffer overflow in MQX RTCS to redirect execution to an arbitrary address (0xFFFFFFFF). It crafts a malicious DHCP packet and sends it in response to legitimate DHCP requests.

Description

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.

Exploits (1)

exploitdb WORKING POC
by Scott Gayou · pythondoshardware
https://www.exploit-db.com/exploits/43776

This PoC exploits a DHCP options buffer overflow in MQX RTCS to redirect execution to an arbitrary address (0xFFFFFFFF). It crafts a malicious DHCP packet and sends it in response to legitimate DHCP requests.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MQX RTCS (Real-Time Control System)
No auth needed
Prerequisites: Network access to the target device · Target device must be requesting DHCP
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101252
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100665
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43776/

Scores

CVSS v3 8.1
EPSS 0.1319
EPSS Percentile 95.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-120
Status published
Products (3)
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.1
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.5
smiths-medical/medfusion_4000_wireless_syringe_infusion_pump 1.6
Published Feb 15, 2018
Tracked Since Feb 18, 2026