PT-2019-7899 · Blipcare · Blipcare Wifi Blood Pressure Monitor Bp700

Mandar Satam · Published 2019-07-02 · Updated 2019-07-15 · CVE-2017-11580

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Blipcare Wifi blood pressure monitor BP700 version 10.1

Description

The device allows memory corruption that results in denial of service. When a client connected to the "Blip" open wireless connection sends a large string in any part of the HTTP headers of a request, the device can become completely unresponsive. The cause is the small memory footprint of the device: the Wi-Fi module has only 256k of memory. An incorrect string copy operation using functions like memcpy or strcpy can fill up the memory space allocated to the executing function, leading to memory corruption.

Recommendations

For Blipcare Wifi blood pressure monitor BP700 version 10.1, as a temporary workaround, consider restricting access to the device's open wireless connection "Blip" to minimize the risk of exploitation. Avoid sending large strings as part of the HTTP request in any part of the HTTP headers until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.
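
The description attributes the crash to string copies of HTTP header data that are not bounded by the destination size. The following is an added example, not Blipcare firmware code (the advisory shows none): a header-line parser in C that checks lengths before copying and rejects oversized input instead of truncating it. The buffer limits, type names and status codes are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HDR_NAME_MAX  32    /* assumed limits for a small-RAM device */
#define HDR_VALUE_MAX 128

enum hdr_status { HDR_OK = 0, HDR_INCOMPLETE, HDR_MALFORMED, HDR_TOO_LONG };

struct header {
    char name[HDR_NAME_MAX];
    char value[HDR_VALUE_MAX];
};

/* Parse one "Name: value\r\n" line from buf[0..len). The input is raw
   socket data: not NUL-terminated, and its length is client-controlled. */
enum hdr_status parse_header_line(const char *buf, size_t len,
                                  struct header *out, size_t *consumed)
{
    /* Cap the scan so a line with no CRLF is rejected, not buffered forever. */
    size_t limit = HDR_NAME_MAX + HDR_VALUE_MAX + 4;
    size_t scan = len < limit ? len : limit;
    const char *cr = memchr(buf, '\r', scan);
    if (cr == NULL)
        return len >= limit ? HDR_TOO_LONG : HDR_INCOMPLETE;

    size_t line_len = (size_t)(cr - buf);
    if (line_len + 1 >= len) return HDR_INCOMPLETE;   /* '\n' not received yet */
    if (cr[1] != '\n') return HDR_MALFORMED;

    const char *colon = memchr(buf, ':', line_len);
    if (colon == NULL || colon == buf) return HDR_MALFORMED;
    size_t name_len = (size_t)(colon - buf);

    const char *val = colon + 1;
    size_t val_len = line_len - name_len - 1;
    while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }

    /* Reject rather than truncate; ">=" leaves room for the terminator. */
    if (name_len >= sizeof out->name || val_len >= sizeof out->value)
        return HDR_TOO_LONG;

    memcpy(out->name, buf, name_len);
    out->name[name_len] = '\0';
    memcpy(out->value, val, val_len);
    out->value[val_len] = '\0';
    *consumed = line_len + 2;
    return HDR_OK;
}
```

On `HDR_TOO_LONG` or `HDR_MALFORMED` the caller should close the connection or answer with an error status rather than keep reading into the same buffer.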

Related Identifiers

CVE-2017-11580

Affected Products

Blipcare Wifi Blood Pressure Monitor Bp700