CVE-2026-2985

Tiandy Video Surveillance System 视频监控平台 CLSBODownLoad.java downloadImage server-side request forgery

CVSS 5.3 MEDIUMEPSS 0.3%CWE-918

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 feb 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

Tiandy · Video Surveillance System 视频监控平台

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://my.feishu.cn/wiki/C1TIwBoJziINWlkGt8ucnZJPnEb?from=from_copylink https://vuldb.com/?ctiid.347368 https://vuldb.com/?id.347368 https://vuldb.com/?submit.756137