Medtronic · Mcl Smart Reader · CVE-2020-25187
**Name of the Vulnerable Software and Affected Versions**
Medtronic MyCareLink Smart 25000, all versions
**Description**
An attacker who gains authentication can run a debug command that is sent to the reader, causing a heap overflow in the MCL Smart Reader software stack. This heap overflow enables the attacker to remotely execute code on the MCL Smart Reader, potentially leading to control of the device.
**Recommendations**
For all versions of Medtronic MyCareLink Smart 25000, as a temporary workaround, consider restricting access to the debug command until a patch is available. Additionally, restrict access to the MCL Smart Reader itself to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.