Tiandy Video Surveillance System Unrestricted File Upload Vulnerability in Version 7.17.0
Vulnerability
A vulnerability allowing unrestricted file uploads has been identified in Tiandy Video Surveillance System version 7.17.0. The issue arises in the 'uploadFile' function within 'CLS_REST_File.java', where the 'fileName' argument is not properly validated. This lack of validation enables attackers to upload files of any type, such as JSP, EXE, or shell scripts. If the uploaded file is placed in a directory accessible via the web, and the server allows execution of such files, this could lead to remote code execution by uploading a web shell and executing it through a URL.
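A defender-side illustration of the check that the description says is missing, added here and not taken from the advisory or from Tiandy's code: a hypothetical `UploadNamePolicy` class that rejects client-supplied names containing path components or unsafe characters, enforces an extension allowlist, and stores the file under a server-generated name inside a fixed upload root (the allowlist, the name pattern and the length limit are assumptions).

```java
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;
import java.util.regex.Pattern;

/** Hypothetical hardened handling of an upload file name; not the vendor's code. */
public final class UploadNamePolicy {
    // Extensions this endpoint is meant to accept (assumption for the example).
    private static final Set<String> ALLOWED_EXT = Set.of("jpg", "jpeg", "png", "pdf");
    // A plain base name only: no '/', '\\', NUL or leading dot, at most 100 characters.
    private static final Pattern SAFE_NAME =
            Pattern.compile("^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$");

    private UploadNamePolicy() {}

    /** Returns the lower-cased extension if the name is acceptable, otherwise throws. */
    public static String validate(String fileName) {
        if (fileName == null || fileName.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // The pattern rejects path separators, so "../x.png" never reaches the disk logic.
        if (!SAFE_NAME.matcher(fileName).matches()) {
            throw new IllegalArgumentException("unsafe characters in file name");
        }
        // The last extension decides; "a.jsp.png" is treated as png, never as jsp.
        int dot = fileName.lastIndexOf('.');
        if (dot < 0 || dot == fileName.length() - 1) {
            throw new IllegalArgumentException("missing extension");
        }
        String ext = fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("extension not allowed: " + ext);
        }
        return ext;
    }

    /**
     * Server-chosen target path: the client name is validated but never reused on disk,
     * and the resolved path is confirmed to stay under uploadRoot. uploadRoot itself
     * should live outside the web-served tree or be served with script execution disabled.
     */
    public static Path storagePath(Path uploadRoot, String fileName) {
        String ext = validate(fileName);
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(root)) {
            throw new IllegalStateException("resolved outside upload root");
        }
        return target;
    }
}
```

An extension allowlist limits what the server will ever serve as a script but does not validate content; pairing it with a magic-byte or MIME check on the uploaded bytes is the usual second layer.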
Impact
Exploitation of this vulnerability could result in unauthorized file uploads, potentially leading to remote code execution if the uploaded file is executed by the server.
