Skip to main content

E Clinic Healthcare System Echs

3 CVEs product

Monthly

CVE-2026-8033 MEDIUM POC This Month

Information disclosure in PicoTronica e-Clinic Healthcare System ECHS 5.7 allows remote unauthenticated attackers to extract sensitive data via the Response Header Handler in the /cdemos/echs/api/v2/ endpoint. The vulnerability has been publicly disclosed with exploit code available, and a patch (version 5.7.1) has been released by the vendor.

Information Disclosure E Clinic Healthcare System Echs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8032 MEDIUM POC This Month

Hard-coded administrative credentials in PicoTronica e-Clinic Healthcare System ECHS 5.7 enable remote attackers to bypass authentication and gain privileged access to the healthcare management platform. The vulnerability resides in the /cdemos/echs/priv/echs.js file where the ADMIN_KEY parameter contains static credentials, allowing network-level exploitation without authentication (AV:N/PR:N). Public exploit documentation exists, though CISA KEV does not list active exploitation. EPSS data unavailable, but the combination of healthcare sector targeting, authentication bypass capability, and public POC elevates real-world risk despite moderate CVSS 7.3 scoring.

Authentication Bypass E Clinic Healthcare System Echs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8031 MEDIUM POC This Month

Missing authentication in PicoTronica e-Clinic Healthcare System ECHS 5.7 allows remote unauthenticated attackers to access the /cdemos/echs/api/v2/patient-records API endpoint and retrieve sensitive patient information. Publicly available exploit code exists for this vulnerability. The vendor released patched version 5.7.1 to address the issue.

Authentication Bypass E Clinic Healthcare System Echs
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Information disclosure in PicoTronica e-Clinic Healthcare System ECHS 5.7 allows remote unauthenticated attackers to extract sensitive data via the Response Header Handler in the /cdemos/echs/api/v2/ endpoint. The vulnerability has been publicly disclosed with exploit code available, and a patch (version 5.7.1) has been released by the vendor.

Information Disclosure E Clinic Healthcare System Echs
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Hard-coded administrative credentials in PicoTronica e-Clinic Healthcare System ECHS 5.7 enable remote attackers to bypass authentication and gain privileged access to the healthcare management platform. The vulnerability resides in the /cdemos/echs/priv/echs.js file where the ADMIN_KEY parameter contains static credentials, allowing network-level exploitation without authentication (AV:N/PR:N). Public exploit documentation exists, though CISA KEV does not list active exploitation. EPSS data unavailable, but the combination of healthcare sector targeting, authentication bypass capability, and public POC elevates real-world risk despite moderate CVSS 7.3 scoring.

Authentication Bypass E Clinic Healthcare System Echs
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Missing authentication in PicoTronica e-Clinic Healthcare System ECHS 5.7 allows remote unauthenticated attackers to access the /cdemos/echs/api/v2/patient-records API endpoint and retrieve sensitive patient information. Publicly available exploit code exists for this vulnerability. The vendor released patched version 5.7.1 to address the issue.

Authentication Bypass E Clinic Healthcare System Echs
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy