Primary

Context

Wowjoy Internet Doctor Workstation System Improper Authorization Vulnerability

Vulnerability

An improper authorization vulnerability has been identified in Wowjoy's Internet Doctor Workstation System version 1.0. The issue resides in an unknown functionality of the file '/v1/pushConfig/detail/', allowing unauthorized access to sensitive user information such as names, ID card details, phone numbers, and medical conditions. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows unauthorized access to user information, including personal and medical details.

Reproduction

The vulnerability can be reproduced by sending a request to the '/v1/pushConfig/detail/' endpoint without proper authorization. This request will return sensitive user information, demonstrating the unauthorized access flaw.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Wowjoy Internet Doctor Workstation System Improper Authorization Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating