EUVD-2026-14410
GHSA-q4p4-47vp-j2h2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Tags
Description
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
A critical OS command injection vulnerability exists in Tiandy Easy7 Integrated Management Platform versions up to 7.17.0, specifically in the ImportSystemConfiguration.jsp file's Configuration Handler. Attackers can remotely execute arbitrary operating system commands without authentication by manipulating the 'File' parameter. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Tiandy Easy7 installations and versions; isolate affected systems from production networks if possible; enable enhanced logging and monitoring. Within 7 days: Deploy network-based mitigations (WAF rules blocking ImportSystemConfiguration.jsp requests with suspicious File parameters); restrict administrative access to the platform; implement network segmentation to limit lateral movement. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today