Information Disclosure Vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A: Extracting Keypad Lock PIN via Bluetooth Low Energy

Information Disclosure Vulnerability in SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i, and AnyDana-A: Extracting Keypad Lock PIN via Bluetooth Low Energy

CVE-2020-27258 · MEDIUM Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.

Learn more about our Mobile App Penetration Testing.