| शीर्षक | Tiandy Technologies Co., Ltd. Easy7 Integrated Management Platform 7.17.0 Weak Password Recovery |
|---|
| विवरण | A critical vulnerability was found in the Easy7 Integrated Management Platform. The issue affects the API endpoint /Easy7/rest/user/updateUserPassword.
The component fails to implement any authentication or authorization checks. A remote, unauthenticated attacker can send a specially crafted POST request containing the userId or userName parameters to reset the password of any user, including the administrator (admin).
Exploiting this vulnerability allows an attacker to gain full administrative control over the system without any prior credentials. This leads to a complete compromise of the system's Confidentiality, Integrity, and Availability. |
|---|
| स्रोत | ⚠️ https://ucn9h68n9289.feishu.cn/wiki/DRghw6X8piOtClkjBkHcfgvtnPx?from=from_copylink |
|---|
| उपयोगकर्ता | bigbrother_man (UID 96003) |
|---|
| सबमिशन | 27/04/2026 10:22 AM (1 महीना पहले) |
|---|
| संयम | 24/05/2026 10:55 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365447 [Tiandy Easy7 Integrated Management Platform 7.17.0 API Endpoint updateUserPassword अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|