RCE in Tiandy Easy7 Integrated Management Platform
CVE-2026-4585
A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of the component Configuration Handler. Th…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.002 (44.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.
Affected products
- Tiandy Easy7 Integrated Management Platform — versions 7.0, 7.1, 7.2
Weakness classification (CWE)
References
- VDB-352422 | Tiandy Easy7 Integrated Management Platform Configuration ImportSystemConfiguration.jsp os command injection (vdb-entry, technical-description)
- VDB-352422 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #775457 | Tiandy Technologies Co., Ltd. Tiandy Easy7 Integrated Management Platform 7.17.0 OS Command Injection (third-party-advisory)
- my.feishu.cn/docx/WkHjd3oajoIw5exHk9ecUHaFnKd (exploit)
Frequently asked questions
- What is CVE-2026-4585?
- CVE-2026-4585 is a critical-severity vulnerability in Tiandy Easy7 Integrated Management Platform, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-03-23.
- How severe is CVE-2026-4585?
- Critical severity. CVSS v3 base score is 9.8 out of 10.