Midv-679

| Impact | Description |
|--------|-------------|
| Confidentiality | Full compromise of the host allows exfiltration of all stored DICOM studies, patient identifiers, and audit logs. |
| Integrity | Attacker can modify or delete imaging data, tamper with diagnostic reports, and insert forged images. |
| Availability | Remote code execution can be leveraged to install ransomware, crash services, or create persistent back‑doors. |
| Privilege Escalation | The MIDV service runs as a dedicated, low‑privilege system user (midv). However, the user has write access to the application’s webapps directory and the DICOM storage root (/opt/midv/data), which is sufficient for further lateral movement in typical hospital networks. |
| Regulatory | A breach of protected health information (PHI) triggers HIPAA violations and potentially GDPR fines if patient data of EU citizens is involved. |

Overall, MIDV‑679 provides unrestricted remote code execution without authentication, making it a critical vulnerability for any health‑care environment that deploys the MIDV Imaging Suite.


Includes mobile capture UI, OCR improvements, client-side validation, liveness checks, backend processing pipeline, and monitoring/metrics.

| Item | Qty | Check |
|------|-----|-------|
| MIDV‑679 main unit | 1 | ✔ |
| 12 V DC power adapter (18 W) | 1 | ✔ |
| USB‑C charging cable (1 m) | 1 | ✔ |
| Ethernet patch cable (1 m) | 1 | ✔ |
| Quick‑start guide (paper) | 1 | ✔ |
| Warranty card | 1 | ✔ |
| Optional Li‑ion battery pack | 0‑1 | (if ordered) |
| M.2 SSD (pre‑installed) | 1 (optional) | ✔ |
| Micro‑SD card (16 GB) | 1 (optional) | ✔ |