VYPR
Vendor

Tiandy

Products
5
CVEs
13
Across products
14
Status
Private

Products

5

Recent CVEs

13
  • CVE-2026-4585CriMar 23, 2026
    risk 0.64cvss 9.8epss 0.03

    A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. The manipulation of the argument File…

  • CVE-2017-15236HigOct 11, 2017
    risk 0.52cvss 7.5epss 0.04

    Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.

  • CVE-2026-7698HigMay 3, 2026
    risk 0.48cvss 7.3epss 0.02

    A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown functionality of the file /Easy7/rest/systemInfo/updateDbBackupInfo. Such manipulation of the argument week leads to os command injection. The…

  • CVE-2026-9465HigMay 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/GetDBDataEx.jsp. Performing a manipulation of the argument strTBName results in sql injection. Remote exploitation of the…

  • CVE-2026-4288HigMar 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The…

  • CVE-2026-4287HigMar 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpoint. Performing a manipulation of the argument areaId results in sql injection.…

  • CVE-2026-4232HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched…

  • CVE-2026-4221HigMar 16, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched…

  • CVE-2026-3818HigMar 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and…

  • CVE-2026-3797MedMar 9, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to…

  • CVE-2026-2985MedFeb 23, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request…

  • CVE-2026-9466MedMay 25, 2026
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can…

  • CVE-2026-4187MedMar 16, 2026
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing…