Information disclosure in Philips DreamMapper [CVE-2020-14518]

This vulnerability allows a remote attacker to gain access to sensitive information. This vulnerability exists due to how the software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data. The attacker would have to trick the victim to open a a specially crafted app in order to gain access to the logs.

The following versions of DreamMapper, a mobile app used to manage sleep apnea, are affected:

  • DreamMapper Version 2.24 and prior

Philips plans a new release for the DreamMapper app by June 30th 2021, that remediates this vulnerability.

Users with questions regarding their specific Philips DreamMapper installations should contact a Philips service support team or regional service support.

The Philips advisory is available at the following URL: http://www.philips.com/productsecurity

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: