top of page
perceptive_background_267k.jpg

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatā€¦

Published:

16 March 2026 at 23:00:00

Alert date:

17 March 2026 at 15:03:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Web Technologies

A SQL injection vulnerability has been discovered in Tiandy Easy7 Integrated Management Platform version 7.17.0. The vulnerability affects the /rest/devStatus/queryResources endpoint where manipulation of the areaId parameter leads to SQL injection. The attack can be performed remotely and public exploits are available. The vendor was contacted but did not respond to the disclosure.

Technical details

Mitigation steps:

Affected products:

Tiandy Easy7 Integrated Management Platform

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-4287
https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink
https://vuldb.com/?ctiid.351292
https://vuldb.com/?id.351292
https://vuldb.com/?submit.771956

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page