CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

Full Article URL: https://vuldb.com/?id.347368
Textarea URL (this page): <a href="https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxNzazAACQTgj-_2026-02-22">https://textarea.nl/i/eNrLKCkpKLbS1y8rzUlJ0kvOz9W3z0zRMzYxNzazAACQTgj-_2026-02-22
Source: https://vuldb.com/?rss.recent
Vuldb: https://vuldb.com
Publication date: 2026-02-22 17:53:27
Last retrieval: 2026-02-22 20:46:25.184738

17:53 - 22 Feb 2026

vuldb.com

A vulnerability classified as critical has been found in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. This vulnerability is reported as CVE-2026-2985. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

https://vuldb.com/?id.347368

CVE-2026-2985 | Tiandy Video Surveillance System 视频监控平台 7.17.0 CLSBODownLoad.java downloadImage urlPath server-side request forgery

Article info: