Easy7 Integrated Management Platform
Weak password recovery in Tiandy Easy7 Integrated Management Platform 7.17.0 exposes the `/rest/user/updateUserPassword` API endpoint to unauthenticated remote manipulation, allowing an attacker to drive the password update process and alter user credentials without authenticating (CWE-640, weak password recovery mechanism). The CVSS 4.0 vector confirms unauthenticated network access with no prerequisites, and a public exploit has been disclosed via Feishu documentation. Despite the public POC, EPSS sits at 0.03% (8th percentile), indicating no widespread automated exploitation has been observed; the vendor did not respond to coordinated disclosure, leaving the flaw unpatched.
Unauthenticated SQL injection in Tiandy Easy7 Integrated Management Platform 7.17.0 exposes database contents to remote attackers via the strTBName parameter of the GetDBDataEx.jsp web service endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and exploit code has been made publicly available, raising the operational risk despite a relatively low EPSS score of 0.03%. The vendor was notified prior to public disclosure but did not respond, and no vendor-released patch has been identified at time of analysis.
OS command injection in Tiandy Easy7 Integrated Management Platform 7.17.0 allows remote unauthenticated attackers to execute arbitrary system commands via the 'week' parameter of the /Easy7/rest/systemInfo/updateDbBackupInfo endpoint. Exploit code is publicly available, and the vendor has not responded to disclosure attempts, so no fix exists.
A critical OS command injection vulnerability exists in Tiandy Easy7 Integrated Management Platform versions up to 7.17.0, specifically in the ImportSystemConfiguration.jsp file's Configuration Handler. Attackers can remotely execute arbitrary operating system commands without authentication by manipulating the 'File' parameter. A public proof-of-concept exploit has been disclosed and is available, significantly increasing the risk of active exploitation, though the vendor has not responded to disclosure attempts.
SQL injection in Tiandy Easy7 Integrated Management Platform versions up to 7.17.0 allows unauthenticated remote attackers to manipulate the ID parameter in the /rest/preSetTemplate/getRecByTemplateId endpoint, potentially enabling unauthorized data access, modification, or service disruption. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.
Tiandy Easy7 Integrated Management Platform 7.17.0 contains an SQL injection vulnerability in the /rest/devStatus/getDevDetailedInfo endpoint that allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. The vulnerability enables unauthorized access to, modification of, and disruption of sensitive data, with public exploit code already available. No patch has been released despite early vendor notification.
An unrestricted file upload vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint. It allows remote attackers without authentication to upload arbitrary files, which can lead to remote code execution if an uploaded file is served or executed by the platform. A proof-of-concept exploit has been publicly released and the vendor has not responded to disclosure attempts, leaving the vulnerability unpatched with working public exploit code.
Tiandy Easy7 Integrated Management Platform 7.17.0 contains an authentication bypass in the Device Identifier Handler component that allows unauthenticated remote attackers to manipulate username and password parameters via the /WebService/UpdateLocalDevInfo.jsp endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.
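None of the entries above has a vendor fix, so the practical controls are keeping the management interface off untrusted networks and watching for the listed endpoints in web server access logs. The Python script below is an added example written for this page, not code from Tiandy or from any of the published PoCs: it parses combined-format access log lines, flags requests to the endpoints named above that carry SQL or shell metacharacters in the parameter each advisory identifies, and flags any request to the password-update, upload and local-device-info endpoints for review, since the advisories say those should not be reachable without authentication. Path suffix matching (to cover deployments with or without the /Easy7 prefix), the injection-indicator regexes and the sample log lines are assumptions of the example, not details from the advisories.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisories above. Keys are path suffixes (assumption:
# some deployments mount the app under /Easy7 and some do not, so we match on
# the tail of the path); values are the parameter each advisory names
# ("*" = inspect every parameter) and the abuse class to test for.
WATCHED = {
    "/rest/user/updateUserPassword": ("*", "password-update"),
    "/GetDBDataEx.jsp": ("strTBName", "sqli"),
    "/rest/systemInfo/updateDbBackupInfo": ("week", "cmdi"),
    "/ImportSystemConfiguration.jsp": ("File", "cmdi"),
    "/rest/preSetTemplate/getRecByTemplateId": ("ID", "sqli"),
    "/rest/devStatus/getDevDetailedInfo": ("ID", "sqli"),
    "/rest/file/uploadLedImage": ("*", "upload"),
    "/UpdateLocalDevInfo.jsp": ("*", "auth-bypass"),
}

# Generic injection indicators (heuristics chosen for this example, not
# signatures of any specific public PoC).
SQLI_RE = re.compile(r"(?i)(['\"]|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bor\s+\d+\s*=\s*\d+)")
CMDI_RE = re.compile(r"[;&|`]|\$\(")

# Endpoints where any access is worth review even without an obvious payload,
# because the advisory says the endpoint itself is reachable unauthenticated.
ALWAYS_REVIEW = {"password-update", "upload", "auth-bypass"}

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(path, params):
    """Return (severity, rule, evidence) for one parsed request, or None."""
    for suffix, (param, kind) in WATCHED.items():
        if not path.endswith(suffix):
            continue
        values = ([v for vs in params.values() for v in vs] if param == "*"
                  else params.get(param, []))
        if kind == "sqli":
            for v in values:
                if SQLI_RE.search(v):
                    return ("high", f"sqli:{param}", v)
        elif kind == "cmdi":
            for v in values:
                if CMDI_RE.search(v):
                    return ("high", f"cmdi:{param}", v)
        if kind in ALWAYS_REVIEW:
            return ("review", kind, path)
        return None  # watched endpoint, but the named parameter looks benign
    return None


def scan(lines):
    """Parse combined-format access log lines and return a list of findings."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group("target"))
        params = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes
        hit = classify(parts.path, params)
        if hit:
            severity, rule, evidence = hit
            findings.append({
                "ip": m.group("ip"), "method": m.group("method"),
                "path": parts.path, "status": m.group("status"),
                "severity": severity, "rule": rule, "evidence": evidence,
            })
    return findings


# Constructed sample lines for this example; not captured from any real system.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:10:00:01 +0000] "GET /Easy7/WebService/GetDBDataEx.jsp?strTBName=users\'%20OR%201=1-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2025:10:00:02 +0000] "GET /Easy7/rest/systemInfo/updateDbBackupInfo?week=1%3Bid HTTP/1.1" 200 88',
    '198.51.100.7 - - [01/Jan/2025:10:00:03 +0000] "GET /rest/devStatus/getDevDetailedInfo?ID=42 HTTP/1.1" 200 1024',
    '203.0.113.5 - - [01/Jan/2025:10:00:04 +0000] "POST /rest/file/uploadLedImage HTTP/1.1" 200 20',
    '203.0.113.5 - - [01/Jan/2025:10:00:05 +0000] "POST /WebService/UpdateLocalDevInfo.jsp?username=admin&password=x HTTP/1.1" 200 20',
    '192.0.2.9 - - [01/Jan/2025:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 2000',
    '203.0.113.5 - - [01/Jan/2025:10:00:07 +0000] "GET /rest/preSetTemplate/getRecByTemplateId?ID=1%20UNION%20SELECT%201 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['rule']:18} {f['ip']} {f['method']} {f['path']} -> {f['evidence']!r}")
```

On the constructed sample the script reports three high-severity hits (the quoted value in strTBName, the semicolon in week, and the UNION in ID) and two review entries (the upload and the local-device-info request); the benign ID=42 lookup and the static page produce nothing. Access logs do not show request bodies, so multipart uploads and POSTed parameters are only visible as endpoint hits; pair this with a reverse proxy that logs bodies, or with network-level blocking of these paths from untrusted sources, while the vendor fix is outstanding.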