Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for video_surveillance_system_firmware by tiandy

    CVE-2026-3797 (GCVE-0-2026-3797)

    Vulnerability from nvd – Published: 2026-03-09 02:32 – Updated: 2026-03-10 20:17
    VLAI
    Title
    Tiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted upload
    Summary
    A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349764 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349764 signaturepermissions-required
    https://vuldb.com/?submit.766386 third-party-advisory
    https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD… exploit
    Impacted products
    Credits
    red88-debug (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3797",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:16:55.429449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:17:05.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0",
              "vendor": "Tiandy",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.17.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "red88-debug (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T02:32:20.573Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349764 | Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 CLS_REST_File.java uploadFile unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349764"
            },
            {
              "name": "VDB-349764 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349764"
            },
            {
              "name": "Submit #766386 | Tiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Type",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.766386"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD7nhe?from=from_copylink"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T12:28:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 CLS_REST_File.java uploadFile unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3797",
        "datePublished": "2026-03-09T02:32:20.573Z",
        "dateReserved": "2026-03-08T11:23:35.419Z",
        "dateUpdated": "2026-03-10T20:17:05.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3797 (GCVE-0-2026-3797)

    Vulnerability from cvelistv5 – Published: 2026-03-09 02:32 – Updated: 2026-03-10 20:17
    VLAI
    Title
    Tiandy Video Surveillance System 视频监控平台 CLS_REST_File.java uploadFile unrestricted upload
    Summary
    A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349764 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349764 signaturepermissions-required
    https://vuldb.com/?submit.766386 third-party-advisory
    https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD… exploit
    Impacted products
    Credits
    red88-debug (VulDB User) VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3797",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-10T20:16:55.429449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-10T20:17:05.763Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0",
              "vendor": "Tiandy",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.17.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "red88-debug (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-09T02:32:20.573Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349764 | Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 CLS_REST_File.java uploadFile unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349764"
            },
            {
              "name": "VDB-349764 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349764"
            },
            {
              "name": "Submit #766386 | Tiandy video surveillance system 7.17.0 Unrestricted Upload of File with Dangerous Type",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.766386"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://my.feishu.cn/docx/P3Bgdl9BHocn66xCMpCcgCD7nhe?from=from_copylink"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-08T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-08T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-08T12:28:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Tiandy Video Surveillance System \u89c6\u9891\u76d1\u63a7\u5e73\u53f0 CLS_REST_File.java uploadFile unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3797",
        "datePublished": "2026-03-09T02:32:20.573Z",
        "dateReserved": "2026-03-08T11:23:35.419Z",
        "dateUpdated": "2026-03-10T20:17:05.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }