This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: MedDream PACS Premium has an **Arbitrary File Read** flaw in the `encapsulatedDoc` feature.
**Consequences**: Attackers can read **any file** on the server. …
**Root Cause**: **CWE-73** (External Control of File Name or Path).
**Flaw**: The `encapsulatedDoc` function fails to properly sanitize user input, allowing path traversal to access unauthorized files.
Q3: Who is affected? (Versions/Components)
**Affected Vendor**: MedDream.
**Product**: MedDream PACS Premium.
**Version**: Specifically **7.3.6.870**. Check whether your deployment matches this exact build.
Q4: What can hackers do? (Privileges/Data)
**Attacker Actions**: Read **arbitrary files** from the server filesystem.
**Privileges**: Requires **Low Privileges** (PR:L).
**Impact**: High Confidentiality (C:H) and High Integrity (I:H) impact. …
**Official Fix**: **Patch Available**.
**Published**: 2026-01-20.
**Action**: Upgrade to a version newer than 7.3.6.870 or apply the vendor's security patch immediately.
Q9: What if no patch? (Workaround)
**No Patch Workaround**:
1. **Isolate**: Restrict network access to the PACS server.
2. **WAF**: Deploy Web Application Firewall rules to block path traversal attempts in `encapsulatedDoc` requests. …
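A defender-side check matching the WAF workaround above, added here as an example (it is not from the page or from the vendor): it scans constructed access-log lines for `encapsulatedDoc` requests whose query values, after repeated percent-decoding, name an absolute path or climb above the base directory. The parameter name `file` and the log format are assumptions; the page does not name the endpoint's parameters.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not from the page). The query parameter
# name "file" is an assumption; the page does not name the endpoint's parameters.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jan/2026:10:00:01 +0000] "GET /encapsulatedDoc?file=report.pdf HTTP/1.1" 200 512
10.0.0.7 - - [20/Jan/2026:10:00:02 +0000] "GET /encapsulatedDoc?file=../../../../outside/secret.txt HTTP/1.1" 200 1024
10.0.0.7 - - [20/Jan/2026:10:00:03 +0000] "GET /encapsulatedDoc?file=%252e%252e%252f%252e%252e%252fnotes.txt HTTP/1.1" 200 300
10.0.0.9 - - [20/Jan/2026:10:00:04 +0000] "GET /viewer/study?id=42 HTTP/1.1" 200 2048
"""

# Client IP and request target of a common-log-format line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"', re.M)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded traversal sequences are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_base(value: str) -> bool:
    """True if the value is an absolute path or climbs above the directory it is resolved against."""
    v = decode_fully(value).replace("\\", "/")
    if v.startswith("/") or re.match(r"^[A-Za-z]:", v):
        return True
    depth = 0  # directory depth relative to the base; negative means we left it
    for seg in v.split("/"):
        if seg in ("", "."):
            continue
        depth += -1 if seg == ".." else 1
        if depth < 0:
            return True
    return False


def flag_requests(log_text: str, endpoint: str = "encapsulatedDoc") -> list:
    """Return (client_ip, target) for endpoint requests whose query values escape the base directory."""
    hits = []
    for m in LOG_RE.finditer(log_text):
        parts = urlsplit(m.group("target"))
        if endpoint in parts.path and any(
            escapes_base(v) for _, v in parse_qsl(parts.query, keep_blank_values=True)
        ):
            hits.append((m.group("ip"), m.group("target")))
    return hits
```

Requests to other endpoints and in-base paths such as `sub/../report.pdf` are left alone, so the rule can be tightened to the vulnerable feature without blocking normal viewer traffic.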
**Urgency**: **HIGH**.
**Priority**: Critical.
**CVSS**: High severity (C:H, I:H).
**Risk**: Medical data privacy is paramount. …