Description
Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit this vulnerability to force the device into a fail state requiring manual restart, causing loss of wireless connectivity and interruption of patient monitoring functionality.
Published: 2026-06-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A network‑based denial of service flaw in Dräger Infinity M300 patient‑worn monitors allows attackers on the same local network to send crafted messages over the Infinity Network and repeatedly trigger an automatic reboot. The reboot forces the device into a fail state that requires a manual restart, resulting in loss of wireless connectivity and an interruption of patient‑monitoring functionality. The impact is a loss of availability and patient safety.

Affected Systems

Dräger Infinity M300 patient‑worn monitors running software version VG2.3.1 and earlier are vulnerable.

Risk and Exploitability

The CVSS score is 7.1, indicating a medium‑to‑high severity vulnerability. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers must be on the same local network as the device and can exploit the flaw without special privileges, simply by sending malicious requests over the Infinity Network. The ability to repeatedly reboot the device poses a significant risk to patient monitoring availability, and therefore to patient safety.

Generated by OpenCVE AI on June 3, 2026 at 03:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the Infinity Network by implementing firewall rules or network segmentation to limit traffic to authorized devices
  • Enable intrusion detection or logging to alert on repeated abnormal traffic patterns that could indicate attempts to trigger reboots
  • Apply any available firmware updates from Dräger that mitigate the vulnerability or, if none exist, isolate the device from critical patient‑monitoring traffic until a patch is released

Generated by OpenCVE AI on June 3, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger infinity M300
Vendors & Products Draeger
Draeger infinity M300

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit this vulnerability to force the device into a fail state requiring manual restart, causing loss of wireless connectivity and interruption of patient monitoring functionality.
Title Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Draeger Infinity M300
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-03T16:06:32.703Z

Reserved: 2026-06-02T17:23:43.821Z

Link: CVE-2019-25721

cve-icon Vulnrichment

Updated: 2026-06-03T12:52:20.275Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T20:16:23.557

Modified: 2026-06-04T15:29:14.323

Link: CVE-2019-25721

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T10:55:23Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption