CVE-2026-9466— Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password recovery
Affected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Tiandy | Easy7 Integrated Management Platform | 7.17.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9466
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password recovery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
忘记口令恢复机制弱
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tiandy Easy7 Integrated Management Platform 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tiandy Easy7 Integrated Management Platform是中国Tiandy公司的一款视频监控综合管理平台。 Tiandy Easy7 Integrated Management Platform 7.17.0版本存在授权问题漏洞,该漏洞源于组件API Endpoint中文件/rest/user/updateUserPassword的处理,可能导致弱密码恢复。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Tiandy | Easy7 Integrated Management Platform | 7.17.0 | cpe:2.3:a:tiandy:easy7_integrated_management_platform:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-9466
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9466
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-9466 (1)
IV. Related Vulnerabilities
Same product: Easy7 Integrated Management Platform
- CVE-2026-9465
Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp - CVE-2026-7698
Tiandy Easy7 Integrated Management Platform updateDbBackupIn - CVE-2026-4585
Tiandy Easy7 Integrated Management Platform Configuration Im - CVE-2026-4289
Tiandy Easy7 Integrated Management Platform getRecByTemplate - CVE-2026-4288
Tiandy Easy7 Integrated Management Platform Endpoint getDevD
Same vendor: Tiandy
- CVE-2026-9465
Tiandy Easy7 Integrated Management Platform GetDBDataEx.jsp - CVE-2026-7698
Tiandy Easy7 Integrated Management Platform updateDbBackupIn - CVE-2026-4585
Tiandy Easy7 Integrated Management Platform Configuration Im - CVE-2026-4289
Tiandy Easy7 Integrated Management Platform getRecByTemplate - CVE-2026-4288
Tiandy Easy7 Integrated Management Platform Endpoint getDevD
Same weakness: CWE-640
- CVE-2026-10169
OUSL-GROUP-BrinaryBrains School Student Management System Fo - CVE-2026-7459
Simple History – Track, Log, and Audit WordPress Changes <= - CVE-2026-35676
phpMyFAQ - Unauthenticated Password Reset via User Password - CVE-2026-9609
QianFox FoxCMS Admin.php edit password recovery - CVE-2026-42606
AzuraCast: Password Reset Poisoning via Untrusted X-Forwarde
V. Comments for CVE-2026-9466
No comments yet