CVE-2025-0626— Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0626
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor
Source: NVD (National Vulnerability Database)
Vulnerability Description
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
隐藏功能
Source: NVD (National Vulnerability Database)
Vulnerability Title
Contec Health CMS8000 Patient Monitor 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Contec Health CMS8000 Patient Monitor是日本Contec公司的一款生命体征病人监护仪。 Contec Health CMS8000 Patient Monitor存在安全漏洞。攻击者利用该漏洞可以上传和覆盖设备上的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Contec Health | CMS8000 Patient Monitor | All versions | - |
II. Public POCs for CVE-2025-0626
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0626
请登录查看更多情报信息。
- Contec Health CMS8000 Patient Monitor | CISAgovernment-resource
- https://nvd.nist.gov/vuln/detail/CVE-2025-0626
Same Patch Batch · Contec Health · 2025-01-30 · 3 CVEs total
| CVE-2024-12248 | 9.8 CRITICAL | Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor |
| CVE-2025-0683 | 5.9 MEDIUM | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec |
IV. Related Vulnerabilities
V. Comments for CVE-2025-0626
No comments yet