CVE-2026-4221
Awaiting Analysis Awaiting Analysis - Queue
Unrestricted File Upload in Tiandy Easy7 Endpoint Enables Remote Attack

Publication date: 2026-03-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Tiandy Easy7 Integrated Management Platform 7.17.0. This affects an unknown part of the file /rest/file/uploadLedImage of the component Endpoint. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-03-16
EPSS Evaluated
2026-05-05
NVD
CVE-2026-4221
EUVD
EUVD-2026-12357
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tiandy easy7_integrated_management_platform 7.17.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically in the /rest/file/uploadLedImage endpoint of the Endpoint component. It allows an attacker to manipulate the File argument to perform an unrestricted file upload. This means that an attacker can upload arbitrary files to the system without proper restrictions or validation.

The attack can be launched remotely, and the exploit has already been made public. The vendor was notified early but did not respond.


How can this vulnerability impact me? :

The unrestricted file upload vulnerability can lead to several impacts including unauthorized access, data compromise, or system takeover. An attacker could upload malicious files such as web shells or malware, potentially gaining control over the affected system or disrupting its normal operation.

Because the attack can be performed remotely without authentication, it increases the risk of exploitation and can lead to confidentiality, integrity, and availability issues.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart