CVE-2026-3797

216.73.216.233

· Published 09/03/2026 04:16 · Modified 10/03/2026 18:48

Labels: CVE-2026-3797 2026-03-09 CVE-2026-3797 CWE-284 CWE-434 [email protected]

Essential information

Published: 09/03/2026 04:16
Modified: 10/03/2026 18:48
Author: —
Creator: —
CVSS: 5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the argument fileName leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
tiandy / video surveillance system firmware	`cpe:2.3:o:tiandy:video_surveillance_system_firmware:7.17.0:::::::*`
tiandy / video surveillance system	`cpe:2.3:h:tiandy:video_surveillance_system:-:::::::*`