CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

A vulnerability classified as critical has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery.

This vulnerability is reported as CVE-2026-2985. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

Post correlati

CVE-2023-52847 | Linux Kernel up to 6.6.1 bttv use after free

CVE-2024-29869 | Apache Hive up to 4.0.0 permission assignment

CVE-2025-26386 | Johnson Controls iSTAR Configuration Utility up to 6.9.7 stack-based overflow

CVE-2025-43722 | Dell PowerScale OneFS up to 9.12.0.0 privileges management (dsa-2025-319)