Tiandy Easy7 Integrated Management Platform OS Command Injection Vulnerability

Vulnerability

A critical OS command injection vulnerability has been identified in Tiandy Easy7 Integrated Management Platform versions prior to 7.17.0. The issue resides in the Configuration Handler component, specifically within the ImportSystemConfiguration.jsp file. The vulnerability allows remote, unauthenticated attackers to manipulate the 'File' argument, leading to the execution of arbitrary OS commands with administrative privileges. Exploitation is facilitated by uploading a specially crafted .bin file containing malicious commands, which are then executed via the sh shell.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, with administrative privileges, potentially leading to a full system compromise.

Reproduction

To reproduce this vulnerability, upload a malicious .bin file through the ImportSystemConfiguration.jsp endpoint. The file should contain OS commands that will be executed on the server. This can be done by manipulating the 'File' argument in the request.
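As an added defensive example (not part of this advisory), the following Python script triages an Easy7 version string against the 7.17.0 fix and flags web-server access log entries that hit the ImportSystemConfiguration.jsp endpoint for review; the combined log format, the /easy7/ path prefix and the sample log lines are assumptions constructed for the demo.

```python
import re

# From the advisory: releases before 7.17.0 are affected.
FIXED_VERSION = (7, 17, 0)
# Endpoint named in the advisory (the /easy7/ prefix in the sample is assumed).
VULN_ENDPOINT = "/importsystemconfiguration.jsp"

# Assumption: the appliance or a reverse proxy in front of it logs in the
# common/combined access log format; the advisory specifies no format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_version(v: str) -> tuple:
    """Normalise 'x.y' or 'x.y.z' into a 3-tuple so '7.17' compares as 7.17.0."""
    parts = [int(p) for p in v.strip().split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the reported Easy7 version is below the 7.17.0 fix."""
    return parse_version(version) < FIXED_VERSION


def suspicious_requests(lines) -> list:
    """Return (ip, timestamp, method, status) for every request to the import
    endpoint. Because the advisory says the endpoint accepts uploads without
    authentication, any hit not tied to a known administrator session is an
    indicator worth investigating, not just the ones that returned 200."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = m.group("path").split("?", 1)[0].lower()  # drop query string
        if path.endswith(VULN_ENDPOINT):
            hits.append((m.group("ip"), m.group("ts"),
                         m.group("method"), int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Mar/2026:12:01:03 +0000] "GET /login.jsp HTTP/1.1" 200 1532
198.51.100.4 - - [23/Mar/2026:12:01:09 +0000] "POST /easy7/ImportSystemConfiguration.jsp HTTP/1.1" 200 88
203.0.113.7 - - [23/Mar/2026:12:02:41 +0000] "GET /index.jsp HTTP/1.1" 200 4311
198.51.100.4 - - [23/Mar/2026:12:03:00 +0000] "POST /easy7/ImportSystemConfiguration.jsp?x=1 HTTP/1.1" 500 0
""".splitlines()
```

Correlate each hit with the management console's own audit trail: an upload to this endpoint that no administrator initiated is the signal, and hosts reporting an affected version should be patched to 7.17.0 or later.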

Added: Mar 23, 2026, 12:22 PM
Updated: Mar 23, 2026, 12:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.