Impact
This vulnerability allows any entity within Bluetooth range to intercept unencrypted blood glucose data transmitted by the APG‑01 BT device. The result is that an attacker could obtain the victim’s glucose measurement values and other health‑related data. The weakness is a cleartext transmission, classified as CWE‑319; without encryption the data can be read directly from the wireless channel, compromising confidentiality.
Affected Systems
The affected system is the Apollo Pharmacy Blood Glucose Monitoring System model APG‑01 BT. No specific firmware or software versions were disclosed. The device uses standard BLE communication for transmitting glucose measurement values. The lack of encryption applies to all routine data transmissions on this model.
Risk and Exploitability
The CVSS score of 7.1 places this issue in the high risk range. Because the attack requires proximity and a passive interception of BLE traffic, a potential attacker would need to be within Bluetooth range, though the exact distance is not specified. The breach is considered recon‑friendly; there are no known exploits in the wild, and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, given the sensitivity of medication data, the exposure could be significant.
OpenCVE Enrichment