Dario Health USB-C Blood Glucose Monitoring System Unauthenticated Log Injection Vulnerability

Vulnerability

A vulnerability exists in the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android application, all versions through 5.8.7.0.36. The issue arises from improper output neutralization for logs, which allows unauthenticated effects on logs and metrics gathering that could disrupt incident response efforts. The vulnerability also potentially opens the door to injection attacks, such as log injection.

Impact

Exploitation of this vulnerability could lead to unauthorized log manipulation, disrupting incident response efforts and potentially allowing for injection attacks, according to CISA.

Remediation

Users are advised to update the Dario Health Android mobile application to the latest version. For more information, contact Dario Health directly.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.