PT-2026-25620 · Tiandy · Easy7 Integrated Management Platform
0Menc +1 · Published 2026-03-16 · Updated 2026-03-16 · CVE-2026-4221
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Tiandy Easy7 Integrated Management Platform version 7.17.0
Description
A flaw exists within the Tiandy Easy7 Integrated Management Platform that allows for unrestricted file uploads. This issue affects the /rest/file/uploadLedImage endpoint of the Endpoint component. The File parameter can be manipulated to achieve this unrestricted upload, and the attack can be initiated remotely. The exploit for this issue has been publicly released.
Recommendations
Tiandy Easy7 Integrated Management Platform version 7.17.0: Address the unrestricted upload issue in the /rest/file/uploadLedImage endpoint by validating the File parameter.
Exploit
Fix
Unrestricted File Upload
Improper Access Control
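The Recommendations entry calls for validating the File parameter. The following is an added example, not Tiandy's code and not part of the original advisory, of server-side validation for an image upload handler; the allowed formats, the size limit and the function names are assumptions.

```python
import os
import uuid

# Assumed allowlist: the advisory does not say which image formats the endpoint accepts.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    pass


def validate_led_image(client_filename: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    if "\x00" in client_filename:
        raise UploadRejected("NUL byte in filename")
    # Only the last extension of the final path component is considered.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not 0 < len(data) <= MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client-supplied name: random name plus the vetted extension.
    return uuid.uuid4().hex + ext


def store_upload(upload_dir: str, client_filename: str, data: bytes) -> str:
    """Validate, then write the file under upload_dir and return its path."""
    name = validate_led_image(client_filename, data)
    path = os.path.join(upload_dir, name)
    # O_EXCL refuses to overwrite an existing file; 0o640 keeps it non-executable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```

A signature check alone does not stop polyglot files, so the upload directory should also be one the application server never executes or interprets content from.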
Related Identifiers
Affected Products
Easy7 Integrated Management Platform