CVE-2018-5446

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.

CVE-2018-5448

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.