CVE-2026-4585

Summary

A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
TiandyEasy7 Integrated Management Platform7.0affected
TiandyEasy7 Integrated Management Platform7.1affected
TiandyEasy7 Integrated Management Platform7.2affected
TiandyEasy7 Integrated Management Platform7.3affected
TiandyEasy7 Integrated Management Platform7.4affected
TiandyEasy7 Integrated Management Platform7.5affected
TiandyEasy7 Integrated Management Platform7.6affected
TiandyEasy7 Integrated Management Platform7.7affected
TiandyEasy7 Integrated Management Platform7.8affected
TiandyEasy7 Integrated Management Platform7.9affected
TiandyEasy7 Integrated Management Platform7.10affected
TiandyEasy7 Integrated Management Platform7.11affected
TiandyEasy7 Integrated Management Platform7.12affected
TiandyEasy7 Integrated Management Platform7.13affected
TiandyEasy7 Integrated Management Platform7.14affected
TiandyEasy7 Integrated Management Platform7.15affected
TiandyEasy7 Integrated Management Platform7.16affected
TiandyEasy7 Integrated Management Platform7.17.0affected

Weaknesses

  • CWE-78: OS Command Injection
  • CWE-77: Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References