Submit #804048: Tiandy Technologies Co., Ltd. Tiandy-Easy7 7.17.0 OS Command Injectioninfo

TitleTiandy Technologies Co., Ltd. Tiandy-Easy7 7.17.0 OS Command Injection
DescriptionThere is a critical remote command execution (RCE) vulnerability in the updateDbBackupInfo interface. An unauthenticated remote attacker can execute arbitrary commands via the week parameter. Successful exploitation of this vulnerability would enable the attacker to execute arbitrary commands with administrator privileges (such as root privileges), thereby posing a threat to the entire system.
Source⚠️ https://ucn9h68n9289.feishu.cn/wiki/Yslcw7QqWiRjUZkCcvkcJI62n2c
User
 bigbrother_man (UID 96003)
Submission04/14/2026 04:26 (3 months ago)
Moderation05/02/2026 22:07 (19 days later)
StatusAccepted
VulDB entry360867 [Tiandy Easy7 Integrated Management Platform 7.17.0 updateDbBackupInfo week os command injection]
Points19

Do you know our Splunk app?

Download it now for free!