Description
Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit this vulnerability to force the device into a fail state requiring manual restart, causing loss of wireless connectivity and interruption of patient monitoring functionality.
Published: 2026-06-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A network‑based denial of service flaw in Dräger Infinity M300 patient‑worn monitors allows attackers on the same local network to send crafted messages over the Infinity Network and repeatedly trigger an automatic reboot. The reboot forces the device into a fail state that requires a manual restart, resulting in loss of wireless connectivity and an interruption of patient‑monitoring functionality. The impact is a loss of availability and patient safety.

Affected Systems

Dräger Infinity M300 patient‑worn monitors running software version VG2.3.1 and earlier are vulnerable.

Risk and Exploitability

The CVSS score is 7.1, indicating a medium‑to‑high severity vulnerability. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers must be on the same local network as the device and can exploit the flaw without special privileges, simply by sending malicious requests over the Infinity Network. The ability to repeatedly reboot the device poses a significant risk to patient monitoring availability, and therefore to patient safety.

Generated by OpenCVE AI on June 3, 2026 at 03:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict network access to the Infinity Network by implementing firewall rules or network segmentation to limit traffic to authorized devices
  • Enable intrusion detection or logging to alert on repeated abnormal traffic patterns that could indicate attempts to trigger reboots
  • Apply any available firmware updates from Dräger that mitigate the vulnerability or, if none exist, isolate the device from critical patient‑monitoring traffic until a patch is released

Generated by OpenCVE AI on June 3, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dräger Infinity M300 patient worn monitors with software version VG2.3.1 and earlier contain a network-based denial of service vulnerability that allows network-adjacent attackers to repeatedly trigger device reboots by sending malicious requests over the Infinity Network. Attackers can exploit this vulnerability to force the device into a fail state requiring manual restart, causing loss of wireless connectivity and interruption of patient monitoring functionality.
Title Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T17:29:46.712Z

Reserved: 2026-06-02T17:23:43.821Z

Link: CVE-2019-25721

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T20:16:23.557

Modified: 2026-06-02T20:16:23.557

Link: CVE-2019-25721

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T03:30:06Z

Weaknesses