Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
Weak password recovery in Tiandy Easy7 Integrated Management Platform 7.17.0 exposes the /rest/user/updateUserPassword API endpoint to unauthenticated remote manipulation, enabling an attacker to interfere with the password update process and achieve unauthorized integrity impact on user credentials (CWE-640). The CVSS 4.0 vector confirms unauthenticated network access with no prerequisites, and a public exploit has been disclosed via Feishu documentation. …
Attack Chain (AI derived): hypothetical attack flow derived from CVE metadata.
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | No special conditions are required for initial exploitation - the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms remote, unauthenticated exploitation against the `/rest/user/updateUserPassword` endpoint of Tiandy Easy7 7.17.0 with no user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.5 with vector AV:N/AC:L/AT:N/PR:N/UI:N reflects a remotely exploitable, unauthenticated flaw requiring no interaction - a broad attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies a Tiandy Easy7 7.17.0 instance accessible over the network and sends a crafted HTTP request to the `/rest/user/updateUserPassword` endpoint, exploiting the missing or bypassable authentication check to submit a password change for a target account without possessing the current credential. A public exploit demonstrating this technique has been disclosed at the referenced Feishu wiki link, lowering attacker skill requirements significantly. |
| Remediation | No vendor-released patch has been identified at time of analysis - Tiandy did not respond to coordinated disclosure, so no official fix version exists to cite. … Detailed patch versions, workarounds, and compensating controls in full report. |
Related identifiers
EUVD-2026-31698
GHSA-7frc-fvv8-6vw2