| Titel | Tiandy Technologies Co., Ltd. Easy7 Integrated Management Platform 7.17.0 Missing Authentication |
|---|
| Beschreibung | A critical authentication bypass vulnerability exists in the Eas7 Integrated Management Platform. An unauthenticated remote attacker can obtain a valid device identifier (Id) by accessing the UpdateLocalDevInfo.jsp endpoint. By leveraging this Id, the attacker can subsequently invoke the GetCmsDbInfo.jsp interface to retrieve sensitive database configuration details, including the connection string, plaintext username, and password. This vulnerability grants full access to the underlying database, allowing for unauthorized data exfiltration, modification, or destruction, and potentially leading to full system compromise. |
|---|
| Quelle | ⚠️ https://my.feishu.cn/docx/Vc4QdU5KNoMF57xxubOcBwPSnqf?from=from_copylink |
|---|
| Benutzer | 0menc (UID 75423) |
|---|
| Einreichung | 02.03.2026 11:25 (vor 2 Monaten) |
|---|
| Moderieren | 14.03.2026 23:25 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 351093 [Tiandy Easy7 Integrated Management Platform 7.17.0 Device Identifier UpdateLocalDevInfo.jsp username/password schwache Authentisierung] |
|---|
| Punkte | 20 |
|---|