CVE-2026-4221
Awaiting Analysis Awaiting Analysis - Queue
Unrestricted File Upload in Tiandy Easy7 Endpoint Enables Remote Attack

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4221
EUVD
EUVD-2026-12357
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tiandy easy7_integrated_management_platform 7.17.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint of the Endpoint component. It allows an attacker to manipulate the File argument to perform an unrestricted file upload. This means that an attacker can upload arbitrary files to the system without proper restrictions or validation.

The attack can be launched remotely, and the exploit has already been made public. The vendor was notified early but did not respond.

Impact Analysis

The unrestricted file upload vulnerability can lead to several impacts including unauthorized access, data compromise, or system takeover. An attacker could upload malicious files such as web shells or malware, potentially gaining control over the affected system or disrupting its normal operation.

Because the attack can be performed remotely without authentication, it increases the risk of exploitation and can lead to confidentiality, integrity, and availability issues.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4221. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart