CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

A vulnerability classified as critical has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery.

This vulnerability is reported as CVE-2026-2985. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

Post correlati

CVE-2024-48648 | Sage 1000 7.0.0 cross site scripting

CVE-2024-26588 | Linux Kernel up to 6.0/6.1.74/6.6.13/6.7.1 BPF out-of-bounds

CVE-2024-25302 | SourceCodester Event Student Attendance System 1.0 student sql injection

CVE-2025-10370 | MiczFlor RPi-Jukebox-RFID up to 2.8.0 /htdocs/userScripts.php Custom script cross site scripting