Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Tiandy Video Surveillance System allows hackers to steal images
CVE-2026-2985
Summary
A security flaw in the Tiandy Video Surveillance System version 7.17.0 allows hackers to access and steal sensitive images from the system. This is a serious issue because it can be exploited remotely by an attacker, and an exploit has already been released. To protect your system, consider upgrading to a patched version or taking immediate action to secure your network.
Original title
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a...
Original description
A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a manipulation of the argument urlPath results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026