CVE-2026-4187 | Tiandy Easy7 Integrated Management Platform 7.17.0 Device Identifier UpdateLocalDevInfo.jsp username/password missing authentication

A vulnerability classified as critical was found in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication.

This vulnerability is uniquely identified as CVE-2026-4187. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4187 | Tiandy Easy7 Integrated Management Platform 7.17.0 Device Identifier UpdateLocalDevInfo.jsp username/password missing authentication

Post correlati

CVE-2024-57947 | Linux Kernel up to 5.15.164/6.1.102/6.6.43/6.10.2 netfilter nft_concat_range.sh memset buffer overflow

CVE-2025-8261 | Vaelsys 4.1.0 User Creation /grid/vgrid_server.php improper authorization

CVE-2026-20791 | Chargemap Web-based Mapping insufficiently protected credentials (icsa-26-057-05)

CVE-2024-0183 | RRJ Nueva Ecija Engineer Online Portal 1.0 NIA Office /admin/students.php cross site scripting