OS Command Injection Vulnerability in Tiandy Easy7 Integrated Management Platform
CVE-2026-4585
Key Information:
- Vendor
Tiandy
- Vendor
- CVE Published:
- 23 March 2026
Badges
What is CVE-2026-4585?
An OS command injection vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform, specifically affecting versions up to 7.17.0. This flaw resides in the Configuration Handler component, particularly within the ImportSystemConfiguration.jsp file. By manipulating the argument in this file, an attacker could exploit the vulnerability to execute arbitrary OS commands. This attack can be carried out remotely, making it particularly concerning. Disclosure of this exploit has already occurred publicly, yet the vendor has not provided any response regarding mitigation or further details.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Easy7 Integrated Management Platform 7.0
Easy7 Integrated Management Platform 7.1
Easy7 Integrated Management Platform 7.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved