Dario Health USB-C Blood Glucose Monitoring System Vulnerability Allowing File Manipulation and Data Exposure

Vulnerability

A vulnerability exists in the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application, specifically in versions through 5.8.7.0.36. The issue arises from an insecure file retrieval process that could be exploited to manipulate files, potentially disrupting the application's stability. This vulnerability also jeopardizes the confidentiality, integrity, authenticity, and attestation of stored data by allowing private personal information and health data to be exposed to unauthorized actors.

Impact

Exploitation of this vulnerability could lead to unauthorized file manipulation, disrupt product stability, and compromise the confidentiality, integrity, authenticity, and attestation of stored data. Additionally, there is a risk of exposing cross-user personally identifiable information and personal health information to unauthorized actors.

Remediation

Users are advised to update the Dario Health Android application to the latest version. For more information, contact Dario Health directly.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.