CVE-2018-8842

Name of the Vulnerable Software and Affected Versions Philips e-Alert Unit (non-medical device) versions R2.1 and prior

Description The software transmits sensitive data in cleartext over a communication channel, which can be intercepted by unauthorized actors. This lack of encryption could lead to the disclosure of personal contact information and application login credentials from within the same subnet.

Recommendations For Philips e-Alert Unit (non-medical device) versions R2.1 and prior, consider implementing encryption for the communication channel to protect sensitive data. As a temporary workaround, restrict access to the subnet where the Philips e-Alert Unit operates to minimize the risk of unauthorized interception.